Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Oracle Kernel Important Race Condition Security Advisory ELSA-2026-50372

oracle
Calendar Grey July 6, 2026
Oracle Linux Logo Esm H88
Important advisory from Oracle regarding security updates for kernel vulnerabilities, enhancing system stability and security.
The following updated rpms for have been uploaded to the Unbreakable Linux Network:

Summary

[6.12.0-204.92.4.2] - KVM: x86: Fix shadow paging use-after-free due to unexpected role (Paolo Bonzini) [Orabug: 39673880] - net/sched: fix pedit partial COW leading to page cache corruption (Rajat Gupta) {CVE-2026-46331} - net_sched: act_pedit: use RCU in tcf_pedit_dump() (Eric Dumazet) [Orabug: 39668752] - eventpoll: fix ep_remove struct eventpoll / struct file UAF (Christian Brauner) [Orabug: 39668743] {CVE-2026-46242} - eventpoll: move epi_fget() up (Christian Brauner) [Orabug: 39668743] - eventpoll: rename ep_remove_safe() back to ep_remove() (Christian Brauner) [Orabug: 39668743] - eventpoll: drop vestigial __ prefix from ep_remove_{file,epi}() (Christian Brauner) [Orabug: 39668743] - eventpoll: kill __ep_remove() (Christian Brauner) [Orabug: 39668743] - eventpoll: split __ep_remove() (Christian Brauner) [Orabug: 39668743] - eventpoll: use hlist_is_singular_node() in __ep_remove() (Christian Brauner) [Orabug: 39668743] [6.12.0-204.92.4.1] - net: skbuff: fix missi...

Read the Full Advisory

SRPMs

http://oss.oracle.com/ol10/SRPMS-updates/kernel-uek-6.12.0-204.92.4.2.el10uek.src.rpm

x86_64

kernel-uek-6.12.0-204.92.4.2.el10uek.x86_64.rpm kernel-uek-core-6.12.0-204.92.4.2.el10uek.x86_64.rpm kernel-uek-devel-6.12.0-204.92.4.2.el10uek.x86_64.rpm kernel-uek-doc-6.12.0-204.92.4.2.el10uek.noarch.rpm kernel-uek-modules-6.12.0-204.92.4.2.el10uek.x86_64.rpm kernel-uek-modules-core-6.12.0-204.92.4.2.el10uek.x86_64.rpm kernel-uek-modules-deprecated-6.12.0-204.92.4.2.el10uek.x86_64.rpm kernel-uek-modules-desktop-6.12.0-204.92.4.2.el10uek.x86_64.rpm kernel-uek-modules-extra-6.12.0-204.92.4.2.el10uek.x86_64.rpm kernel-uek-modules-extra-netfilter-6.12.0-204.92.4.2.el10uek.x86_64.rpm kernel-uek-modules-usb-6.12.0-204.92.4.2.el10uek.x86_64.rpm kernel-uek-modules-wireless-6.12.0-204.92.4.2.el10uek.x86_64.rpm kernel-uek-tools-6.12.0-204.92.4.2.el10uek.x86_64.rpm kernel-uek-debug-6.12.0-204.92.4.2.el10uek.x86_64.rpm kernel-uek-debug-core-6.12.0-204.92.4.2.el10uek.x86_64.rpm kernel-uek-debug-devel-6.12.0-204.92.4.2.el10uek.x86_64.rpm kernel-uek-debug-modules-6.12.0-204.92.4.2.el10uek.x86_6...

Read the Full Advisory

aarch64

kernel-uek-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-core-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-devel-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-doc-6.12.0-204.92.4.2.el10uek.noarch.rpm kernel-uek-modules-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-modules-core-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-modules-deprecated-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-modules-desktop-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-modules-extra-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-modules-extra-netfilter-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-modules-usb-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-modules-wireless-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-tools-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-debug-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-debug-core-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-debug-devel-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-core-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-deprecated-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-desktop-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-extra-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-usb-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-wireless-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek64k-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek64k-core-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek64k-devel-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-core-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-deprecated-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-desktop-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-extra-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-extra-netfilter-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-usb-6.12.0-204.92.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-wireless-6.12.0-204.92.4.2.el10uek.aarch64.rpm - uek-rpm/config-aarch64: Enable Vera firmware and memory attribute support (Vijay Kumar) [Orabug: 39387242] - NVIDIA: VR: SAUCE: arm64: Add workaround to convert MT_NORMAL_NC to Device-nGnRE (Shanker Donthineni) [Orabug: 39387242] - NVIDIA: VR: SAUCE: firmware: smccc: lfa: fix work item re-initialization race (Nirmoy Das) [Orabug: 39387242] - NVIDIA: VR: SAUCE: firmware: smccc: lfa: handle LFA_BUSY and improve SMC retry pacing (Vedashree Vidwans) [Orabug: 39387242] - NVIDIA: VR: CCA: SAUCE: arm_pmu: Provide a mechanism for disabling the physical IRQ (Steven Price) [Orabug: 39387242] - NVIDIA: VR: SAUCE: firmware: smccc: register as platform driver (Vedashree Vidwans) [Orabug: 39387242] - NVIDIA: VR: SAUCE: firmware: smccc: add timeout, touch wdt (Vedashree Vidwans) [Orabug: 39387242] - NVIDIA: VR: SAUCE: firmware: smccc: add support for Live Firmware Activation (LFA) (Salman Nabi) [Orabug: 39387242] - NVIDIA: VR: SAUCE: iommu/arm-smmu-v3: Allow ATS to be always on (Nicolin Chen) [Orabug: 39387242] - NVIDIA: VR: SAUCE: PCI: Allow ATS to be always on for non-CXL NVIDIA GPUs (Nicolin Chen) [Orabug: 39387242] - NVIDIA: VR: SAUCE: PCI: Allow ATS to be always on for CXL.cache capable devices (Nicolin Chen) [Orabug: 39387242] - NVIDIA: VR: SAUCE: soc/tegra: pmc: Add PMC support for Tegra410 (Kartik Rajput) [Orabug: 39387242] - soc/tegra: pmc: Add Tegra264 support (Thierry Reding) [Orabug: 39387242] - NVIDIA: VR: SAUCE: soc/tegra: misc: Use SMCCC to get chipid (Kartik Rajput) [Orabug: 39387242] - tun: free page on build_skb failure in tun_xdp_one() (Weiming Shi) [Orabug: 39429137] - tap: free page on error paths in tap_get_user_xdp() (Weiming Shi) [Orabug: 39429137] - tun: free page on short-frame rejection in tun_xdp_one() (Weiming Shi) [Orabug: 39429137] - uek-rpm: disable kABI size checks in debug configs (Saeed Mirzamohammadi) [Orabug: 39442662] - smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada) [Orabug: 39463671] {CVE-2026-46243} [6.12.0-204.87.2] - Reapply "x86/kexec: add a sanity check on previous kernel's ima kexec buffer" (Harshit Mogalapalli) [Orabug: 39419018] - net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) [Orabug: 39368826,39441323] {CVE-2026-43503,CVE-2026-46300} - net: skbuff: preserve shared-frag marker during coalescing (William Bowling) [Orabug: 39368826] {CVE-2026-46300} - LTS version: v6.12.87 (Sherry Yang) - LTS version: v6.12.86 (Sherry Yang) - netfilter: reject zero shift in nft_bitwise (Kai Ma) [Orabug: 39452464] {CVE-2026-46101} - net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels (Andrea Mayer) [Orabug: 39452457] {CVE-2026-46099} - ALSA: caiaq: fix usb_dev refcount leak on probe failure (Deepanshu Kartikey) [Orabug: 39452739] {CVE-2026-46048} - drm/amdgpu: fix zero-size GDS range init on RDNA4 (Arjan van de Ven) - ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (Greg Kroah-Hartman) [Orabug: 39426003] {CVE-2026-43501} - ALSA: caiaq: Don't abort when no input device is available (Takashi Iwai) - ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path (Takashi Iwai) [Orabug: 39452746] {CVE-2026-45992} - net: bonding: fix use-after-free in bond_xmit_broadcast() (Xiang Mei) [Orabug: 39205989] {CVE-2026-31419} - crypto: authencesn - reject short ahash digests during instance creation (Yucheng Lu) [Orabug: 39452231] {CVE-2026-46033} - mm: prevent droppable mappings from being locked (Anthony Yznaga) - spi: fix resource leaks on device setup failure (Johan Hovold) [Orabug: 39452400] {CVE-2026-46083} - net: qrtr: ns: Limit the total number of nodes (Manivannan Sadhasivam) [Orabug: 39452123] {CVE-2026-46003} - net: mctp: fix don't require received header reserved bits to be zero (Yuanzhaoming) - net: bridge: use a stable FDB dst snapshot in RCU readers (Zhengchuan Liang) [Orabug: 39452411] {CVE-2026-46086} - net: qrtr: ns: Limit the maximum number of lookups (Manivannan Sadhasivam) [Orabug: 39452207] {CVE-2026-46026} - net: qrtr: ns: Limit the maximum server registration per node (Manivannan Sadhasivam) [Orabug: 39410851] {CVE-2026-43491} - iio: frequency: admv1013: fix NULL pointer dereference on str (Antoniu Miclaus) - iio: frequency: admv1013: add dev variable (Antoniu Miclaus) - block: relax pgmap check in bio_add_page for compatible zone device pages (Naman Jain) - RDMA/mana_ib: Disable RX steering on RSS QP destroy (Long Li) [Orabug: 39452406] {CVE-2026-46084} - media: rc: igorplugusb: heed coherency rules (Oliver Neukum) [Orabug: 39452432] {CVE-2026-46091} - ALSA: aoa: Skip devices with no codecs in i2sbus_resume() (Thorsten Blum) - media: rc: ttusbir: respect DMA coherency rules (Oliver Neukum) - mm/zsmalloc: copy KMSAN metadata in zs_page_migrate() (Shigeru Yoshida) - ALSA: aoa: i2sbus: clear stale prepared state (Cássio Gabriel) - ALSA: aoa: Use guard() for mutex locks (Takashi Iwai) - mm: migrate: requeue destination folio on deferred split queue (Usama Arif) - mm/migrate: move movable_ops page handling out of move_to_new_folio() (David Hildenbrand) - mm/migrate: factor out movable_ops page handling into migrate_movable_ops_page() (David Hildenbrand) - wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup() (Daniel Hodges) [Orabug: 39452343] {CVE-2026-46069} - wifi: mt76: mt792x: fix mt7925u USB WFSYS reset handling (Sean Wang) - wifi: mt76: mt792x: describe USB WFSYS reset with a descriptor (Sean Wang) - thermal: core: Fix thermal zone governor cleanup issues (Rafael J. Wysocki) [Orabug: 39452186] {CVE-2026-46021} - ksmbd: reset rcount per connection in ksmbd_conn_wait_idle_sess_id() (Daemyung Kang) - ksmbd: replace connection list with hash table (Namjae Jeon) - ksmbd: use msleep instaed of schedule_timeout_interruptible() (Namjae Jeon) - f2fs: fix to do sanity check on dcc->discard_cmd_cnt conditionally (Chao Yu) - lib: test_hmm: evict device pages on file close to avoid use-after-free (Alistair Popple) - f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() (Yongpeng Yang) - smb: client: validate the whole DACL before rewriting it in cifsacl (Michael Bommarito) [Orabug: 39300611] {CVE-2026-31709} - seg6: fix seg6 lwtunnel output redirect for L2 reduced encap mode (Andrea Mayer) - scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails (Yang Xiuwei) [Orabug: 39452100] {CVE-2026-45997} - rtmutex: Use waiter::task instead of current in remove_waiter() (Keenan Dong) [Orabug: 39425998] {CVE-2026-43499} - ntfs3: fix integer overflow in run_unpack() volume boundary check (Tobi Gaertner) - ntfs3: add buffer boundary checks to run_unpack() (Tobi Gaertner) - ktest: Fix the month in the name of the failure directory (Steven Rostedt) - ceph: only d_add() negative dentries when they are unhashed (Max Kellermann) [Orabug: 39452291] {CVE-2026-46052} - dm mirror: fix integer overflow in create_dirty_log() (Junrui Luo) [Orabug: 39452196] {CVE-2026-46023} - crypto: nx - Fix packed layout in struct nx842_crypto_header (Gustavo A R Silva) - crypto: atmel-sha204a - Fix uninitialized data access on OTP read error (Thorsten Blum) - crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path (Thorsten Blum) - crypto: atmel-sha204a - Fix error codes in OTP reads (Thorsten Blum) - crypto: atmel-tdes - fix DMA sync direction (Thorsten Blum) - crypto: ccree - fix a memory leak in cc_mac_digest() (Haoxiang Li) - crypto: hisilicon - Fix dma_unmap_single() direction (Thomas Fourier) - crypto: atmel-ecc - Release client on allocation failure (Thorsten Blum) - crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup (Thorsten Blum) - crypto: arm64/aes - Fix 32-bit aes_mac_update() arg treated as 64-bit (Eric Biggers) - can: ucan: fix devres lifetime (Johan Hovold) - bus: mhi: host: pci_generic: Switch to async power up to avoid boot delays (Qiang Yu) - Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (Shuvam Pandey) [Orabug: 39452304] {CVE-2026-46056} - apparmor: use target task's context in apparmor_getprocattr() (Cengiz Can) - mfd: core: Preserve OF node when ACPI handle is present (Brian Mak) - taskstats: set version in TGID exit notifications (Yiyang Chen) - tcp: call sk_data_ready() after listener migration (Zhenzhong Wu) [Orabug: 39452159] {CVE-2026-46015} - wifi: rtl8xxxu: fix potential use of uninitialized value (Yi Cong) - x86/cpu: Disable FRED when PTI is forced on (Dave Hansen) - inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails (Chia-Ming Chang) [Orabug: 39452250] {CVE-2026-46040} - HID: apple: ensure the keyboard backlight is off if suspending (Aditya Garg) - check-uapi: link into shared objects (Arnd Bergmann) - md/raid5: validate payload size before accessing journal metadata (Junrui Luo) [Orabug: 39452349] {CVE-2026-46070} - md/raid5: fix soft lockup in retry_aligned_read() (Chia-Ming Chang) [Orabug: 39452287] {CVE-2026-46051} - amdgpu/jpeg: fix deepsleep register for jpeg 5_0_0 and 5_0_2 (David (Ming Qiang) Wu) - mtd: spi-nor: sst: Fix write enable before AAI sequence (Sanjaikumar V S) - ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() (Sohei Koyama) [Orabug: 39452269] {CVE-2026-46046} - ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access (Deepanshu Kartikey) [Orabug: 39452442] {CVE-2026-46094} - perf annotate: Use jump__delete when freeing LoongArch jumps (Rong Bao) - io_uring/poll: fix multishot recv missing EOF on wakeup race (Jens Axboe) {CVE-2026-23473} - KVM: nSVM: Always intercept VMMCALL when L2 is active (Sean Christopherson) - KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 (Kevin Cheng) [Orabug: 39452372] {CVE-2026-46076} - KVM: nSVM: Add missing consistency check for nCR3 validity (Yosry Ahmed) - KVM: nSVM: Add missing consistency check for EFER, CR0, CR4, and CS (Yosry Ahmed) - KVM: nSVM: Clear tracking of L1->L2 NMI and soft IRQ on nested #VMEXIT (Yosry Ahmed) - KVM: nSVM: Clear EVENTINJ fields in vmcb12 on nested #VMEXIT (Yosry Ahmed) - KVM: nSVM: Clear GIF on nested #VMEXIT(INVALID) (Yosry Ahmed) - KVM: nSVM: Always inject a #GP if mapping VMCB12 fails on nested VMRUN (Yosry Ahmed) - KVM: nSVM: Use vcpu->arch.cr2 when updating vmcb12 on nested #VMEXIT (Yosry Ahmed) - KVM: nSVM: Ensure AVIC is inhibited when restoring a vCPU to guest mode (Yosry Ahmed) - KVM: SVM: Explicitly mark vmcb01 dirty after modifying VMCB intercepts (Sean Christopherson) - KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 (Kevin Cheng) [Orabug: 39452394] {CVE-2026-46082} - KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 (Yosry Ahmed) [Orabug: 39452061] {CVE-2026-45987} - KVM: nSVM: Sync NextRIP to cached vmcb12 after VMRUN of L2 (Yosry Ahmed) - KVM: nSVM: Mark all of vmcb02 dirty when restoring nested state (Yosry Ahmed) - KVM: x86: Defer non-architectural deliver of exception payload to userspace read (Sean Christopherson) - userfaultfd: allow registration of ranges below mmap_min_addr (Denis M. Karpov) - mm/damon/core: use time_in_range_open() for damos quota window start (Seongjae Park) - rtc: ntxec: fix OF node reference imbalance (Johan Hovold) - tpm: tpm_tis: stop transmit if retries are exhausted (Jacqueline Wong) - tpm: tpm_tis: add error logging for data transfer (Jacqueline Wong) - tpm: Use kfree_sensitive() to free auth session in tpm_dev_release() (Gunnar Kudrjavets) - tpm: Fix auth session leak in tpm2_get_random() error path (Gunnar Kudrjavets) - pwm: imx-tpm: Count the number of enabled channels in probe (Viorel Suman) - crypto: talitos - rename first/last to first_desc/last_desc (Paul Louvel) - crypto: talitos - fix SEC1 32k ahash request limitation (Paul Louvel) - firmware: google: framebuffer: Do not unregister platform device (Thomas Zimmermann) - xfs: fix a resource leak in xfs_alloc_buftarg() (Haoxiang Li) [Orabug: 39452131] {CVE-2026-46005} - arm64: dts: ti: am62-verdin: Enable pullup for eMMC data pins (Francesco Dolcini) - mmc: sdhci-of-dwcmshc: Disable clock before DLL configuration (Shawn Lin) - mmc: block: use single block write in retry (Bin Liu) - randomize_kstack: Maintain kstack_offset per task (Ryan Roberts) - hwmon: (pt5161l) Fix bugs in pt5161l_read_block_data() (Sanman Pradhan) - power: supply: axp288_charger: Do not cancel work before initializing it (Krzysztof Kozlowski) - LoongArch: Show CPU vulnerabilites correctly (Huacai Chen) - tpm: avoid -Wunused-but-set-variable (Arnd Bergmann) - extract-cert: Wrap key_pass with '#ifdef USE_PKCS11_ENGINE' (Nathan Chancellor) - libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() (Raphael Zimmer) [Orabug: 39452201] {CVE-2026-46024} - ipv4: icmp: validate reply type before using icmp_pointers (Ruide Cao) [Orabug: 39452243] {CVE-2026-46037} - RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv (Hkbinbin) [Orabug: 39452259] {CVE-2026-46043} - drm/arcpgu: fix device node leak (Luca Ceresoli) - net: ks8851: Avoid excess softirq scheduling (Marek Vasut) - netconsole: avoid out-of-bounds access on empty string in trim_newline() (Breno Leitao) - net: ks8851: Reinstate disabling of BHs around IRQ handler (Marek Vasut) - net/smc: avoid early lgr access in smc_clc_wait_msg (Ruijie Li) - net: txgbe: fix firmware version check (Jiawen Wu) - net: qrtr: ns: Free the node during ctrl_cmd_bye() (Manivannan Sadhasivam) [Orabug: 39452246] {CVE-2026-46038} - arm64: dts: marvell: uDPU: add ethernet aliases (Robert Marko) - tools/accounting: handle truncated taskstats netlink messages (Yiyang Chen) - rxrpc: Fix rxkad crypto unalignment handling (David Howells) [Orabug: 39452728] {CVE-2026-46085} - rxrpc: Fix memory leaks in rxkad_verify_response() (David Howells) - iio: adc: ad7768-1: fix one-shot mode data acquisition (Jonathan Santos) - ALSA: pcmtest: Fix resource leaks in module init error paths (Cássio Gabriel) - ALSA: pcmtest: fix reference leak on failed device registration (Guangshuo Li) - ALSA: 6fire: Fix input volume change detection (Cássio Gabriel) - ALSA: caiaq: Handle probe errors properly (Takashi Iwai) [Orabug: 39452126] {CVE-2026-46004} - ALSA: caiaq: Fix control_put() result and cache rollback (Cássio Gabriel) - ALSA: core: Fix potential data race at fasync handling (Takashi Iwai) - io_uring/poll: ensure EPOLL_ONESHOT is propagated for EPOLL_URING_WAKE (Jens Axboe) - io_uring/poll: fix signed comparison in io_poll_get_ownership() (Longxuan Yu) - iio: adc: ti-ads7950: use iio_push_to_buffers_with_ts_unaligned() (David Lechner) - io_uring/timeout: check unused sqe fields (Pavel Begunkov) - block: fix zone write plugs refcount handling in disk_zone_wplug_schedule_bio_work() (Damien Le Moal) - rbd: fix null-ptr-deref when device_add_disk() fails (Dawei Feng) [Orabug: 39452385] {CVE-2026-46079} - selftests/landlock: Fix format warning for __u64 in net_test (Mickaël Salaün) - selftests/mqueue: Fix incorrectly named file (Simon Liebold) - sched: Use u64 for bandwidth ratio calculations (Joseph Salisbury) - remoteproc: xlnx: Only access buffer information if IPI is buffered (Ben Levinsky) - parisc: _llseek syscall is only available for 32-bit userspace (Helge Deller) - nvme: respect NVME_QUIRK_DISABLE_WRITE_ZEROES when wzsl is set (Robert Beckett) - nvme-pci: add NVME_QUIRK_DISABLE_WRITE_ZEROES for Kingston OM3SGP4 (Robert Beckett) - mtd: docg3: fix use-after-free in docg3_release() (James Kim) - mfd: stpmic1: Attempt system shutdown twice in case PMIC is confused (Marek Vasut) - md/raid10: fix deadlock with check operation and nowait requests (Josh Hunt) [Orabug: 39452284] {CVE-2026-46050} - jbd2: fix deadlock in jbd2_journal_cancel_revoke() (Zhang Yi) [Orabug: 39452318] {CVE-2026-46061} - erofs: fix the out-of-bounds nameoff handling for trailing dirents (Gao Xiang) [Orabug: 39452380] {CVE-2026-46078} - ALSA: seq_oss: return full count for successful SEQ_FULLSIZE writes (Cássio Gabriel) - ALSA: ctxfi: Add fallback to default RSR for S/PDIF (Harin Lee) [Orabug: 39452280] {CVE-2026-46049} - ALSA: aoa: i2sbus: fix OF node lifetime handling (Cássio Gabriel) - ext2: reject inodes with zero i_nlink and valid mode in ext2_iget() (Vasiliy Kovalev) [Orabug: 39452119] {CVE-2026-46002} - net: qrtr: ns: Fix use-after-free in driver remove() (Manivannan Sadhasivam) [Orabug: 39452274] {CVE-2026-46047} - media: i2c: imx219: Check return value of devm_gpiod_get_optional() in imx219_probe() (Chen Ni) - lib/ts_kmp: fix integer overflow in pattern length calculation (Josh Law) - PCI: epf-mhi: Return 0, not remaining timeout, when eDMA ops complete (Daniel Hodges) - Revert "ALSA: usb: Increase volume range that triggers a warning" (Rongrong) - PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown (Koichiro Den) - crypto: atmel-sha204a - Fix OTP sysfs read and error handling (Thorsten Blum) - media: mtk-jpeg: fix use-after-free in release path due to uncancelled work (Fan Wu) - net: strparser: fix skb_head leak in strp_abort_strp() (Luxiao Xu) [Orabug: 39452468] {CVE-2026-46102} - net: caif: clear client service pointer on teardown (Zhengchuan Liang) - ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() (Ziqing Chen) [Orabug: 39452416] {CVE-2026-46088} - media: amphion: Fix race between m2m job_abort and device_run (Ming Qian) - hwmon: (powerz) Fix missing usb_kill_urb() on signal interrupt (Sanman Pradhan) - of: unittest: fix use-after-free in testdrv_probe() (Xu Wang) - of: unittest: fix use-after-free in of_unittest_changeset() (Xu Wang) - crypto: pcrypt - Fix handling of MAY_BACKLOG requests (Herbert Xu) [Orabug: 39410863] {CVE-2026-43493} - mm/memory_hotplug: fix hwpoisoned large folio handling in do_migrate_range() (Tu Jinjiang) - spi: ch341: fix memory leaks on probe failures (Johan Hovold) - spi: imx: fix use-after-free on unbind (Johan Hovold) - um: drivers: call kernel_strrchr() explicitly in cow_user.c (Michael Bommarito) - vfio/cdx: Fix NULL pointer dereference in interrupt trigger path (Prasanna Kumar T S M) - vfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex (Alex Williamson) - wifi: rtw88: check for PCI upstream bridge existence (Fedor Pchelkin) [Orabug: 39452437] {CVE-2026-46092} - zram: do not forget to endio for partial discard requests (Sergey Senozhatsky) [Orabug: 39452420] {CVE-2026-46089} - ocfs2: split transactions in dio completion to avoid credit exhaustion (Heming Zhao) [Orabug: 39452388] {CVE-2026-46080} - device property: Make modifications of fwnode "flags" thread safe (Douglas Anderson) - drm/amdgpu: Limit BO list entry count to prevent resource exhaustion (Jesse Zhang) [Orabug: 39167551] {CVE-2026-23468} - drm/amdgpu: Use vmemdup_array_user in amdgpu_bo_create_list_entry_array (Tvrtko Ursulin) - rust: init: fix clippy::undocumented_unsafe_blocks warnings (Miguel Ojeda) - padata: Remove comment for reorder_work (Herbert Xu) - padata: Fix pd UAF once and for all (Herbert Xu) [Orabug: 38335055] {CVE-2025-38584} - arm64/mm: Enable batched TLB flush in unmap_hotplug_range() (Anshuman Khandual) - firmware: google: framebuffer: Do not mark framebuffer as busy (Thomas Zimmermann) - kbuild: rust: allow clippy::uninlined_format_args (Miguel Ojeda) - drm/nouveau: fix nvkm_device leak on aperture removal failure (David Carlier) - ibmasm: fix heap over-read in ibmasm_send_i2o_message() (Tyllis Xu) - ibmasm: fix OOB reads in command_file_write due to missing size checks (Tyllis Xu) - misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt() (Tyllis Xu) - greybus: gb-beagleplay: fix sleep in atomic context in hdlc_tx_frames() (Weigang He) - greybus: gb-beagleplay: bound bootloader receive buffering (Pengpeng Hou) - leds: qcom-lpg: Check for array overflow when selecting the high resolution (Greg Kroah-Hartman) - drm/nouveau: fix u32 overflow in pushbuf reloc bounds check (Greg Kroah-Hartman) [Orabug: 39452133] {CVE-2026-46006} - LoongArch: Add spectre boundry for syscall dispatch table (Greg Kroah-Hartman) - ALSA: usb-audio: Evaluate packsize caps at the right place (Takashi Iwai) - usb: chipidea: core: allow ci_irq_handler() handle both ID and VBUS change (Xu Yang) - usb: chipidea: otg: not wait vbus drop if use role_switch (Xu Yang) - usb: xhci: Make usb_host_endpoint.hcpriv survive endpoint_disable() (Michał Pecio) - ALSA: usb-audio: Fix Audio Advantage Micro II SPDIF switch (Cássio Gabriel) - ALSA: usb-audio: Avoid false E-MU sample-rate notifications (Cássio Gabriel) - ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES (Cássio Gabriel) [Orabug: 39452170] {CVE-2026-46018} - LTS version: v6.12.85 (Sherry Yang) - Buffer overflow in drivers/xen/sys-hypervisor.c (Juergen Gross) [Orabug: 39305898] {CVE-2026-31786} - xen/privcmd: fix double free via VMA splitting (Juergen Gross) [Orabug: 39305908] {CVE-2026-31787} - LTS version: v6.12.84 (Sherry Yang) - rxrpc: Fix missing validation of ticket length in non-XDR key preparsing (Anderson Nascimento) [Orabug: 39300563] {CVE-2026-31696} - crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed (Sean Christopherson) {CVE-2026-31697} - crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed (Sean Christopherson) {CVE-2026-31698} - crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed (Sean Christopherson) {CVE-2026-31699} - net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() (Bingquan Chen) {CVE-2026-31700} - ALSA: caiaq: take a reference on the USB device in create_card() (Berk Cem Goksel) [Orabug: 39300586] {CVE-2026-31701} - ALSA: usb-audio: apply quirk for MOONDROP JU Jiu (Cryolitia Pukngae) - f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io() (George Saad) - ksmbd: use check_add_overflow() to prevent u16 DACL size overflow (Tristan Madani) - ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment (Tristan Madani) - ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() (Michael Bommarito) - ksmbd: validate response sizes in ipc_validate_msg() (Michael Bommarito) - smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path (Michael Bommarito) [Orabug: 39300607] {CVE-2026-31708} - smb: client: require a full NFS mode SID before reading mode bits (Michael Bommarito) [Orabug: 39343707] {CVE-2026-43350} - smb: server: fix max_connections off-by-one in tcp accept path (Daemyung Kang) - smb: server: fix active_num_conn leak on transport allocation failure (Michael Bommarito) - ksmbd: require minimum ACE size in smb_check_perm_dacl() (Michael Bommarito) - fuse: quiet down complaints in fuse_conn_limit_write (Darrick J. Wong) - fuse: Check for large folio with SPLICE_F_MOVE (Bernd Schubert) - fuse: reject oversized dirents in page cache (Samuel Page) [Orabug: 39300556] {CVE-2026-31694} - f2fs: fix to avoid memory leak in f2fs_rename() (Chao Yu) - fs/ntfs3: validate rec->used in journal-replay file record check (Greg Kroah-Hartman) - scripts/dtc: Remove unused dts_version in dtc-lexer.l (Nathan Chancellor) - ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger (Namjae Jeon) - mm/pagewalk: fix race between concurrent split and refault (Max Boone) [Orabug: 39250782] {CVE-2026-31456} - scripts: generate_rust_analyzer.py: define scripts (Tamir Duberstein) - drm/amdgpu: replace PASID IDR with XArray (Mikhail Gavrilov) - net: ethernet: mtk_eth_soc: initialize PPE per-tag-layer MTU registers (Daniel Golle) - rust: warn on bindgen < 0.69.5 and libclang >= 19.1 (Miguel Ojeda) - wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure (Felix Fietkau) [Orabug: 39167472] {CVE-2026-23444} - ima: do not copy measurement list to kdump kernel (Steven Chen) - ima: verify if the segment size has changed (Steven Chen) - PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown (Koichiro Den) - mm/userfaultfd: fix hugetlb fault mutex hash calculation (Jianhui Zhou) [Orabug: 39273453] {CVE-2026-31575} - LTS version: v6.12.83 (Sherry Yang) - ipv6: add NULL checks for idev in SRv6 paths (Heminhong) [Orabug: 39167467] {CVE-2026-23442} - PCI: Fix placement of pci_save_state() in pci_bus_add_device() (Lukas Wunner) - rxrpc: Fix key quota calculation for multitoken keys (David Howells) - ocfs2: fix out-of-bounds write in ocfs2_write_end_inline (Joseph Qi) [Orabug: 39331090] {CVE-2026-43075} - ocfs2: validate inline data i_size during inode read (Deepanshu Kartikey) [Orabug: 39331097] {CVE-2026-43076} - ocfs2: add inline inode consistency check to ocfs2_validate_inode_block() (Dmitry Antipov) - media: hackrf: fix to not free memory after the device is registered in hackrf_probe() (Jeongjun Park) - media: vidtv: fix pass-by-value structs causing MSAN warnings (Abd-Alrhman Masalkhi) - nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map (Deepanshu Kartikey) - media: as102: fix to not free memory after the device is registered in as102_usb_probe() (Jeongjun Park) [Orabug: 39273467] {CVE-2026-31578} - bcache: fix cached_dev.sb_bio use-after-free and crash (Mingzhe Zou) [Orabug: 39273481] {CVE-2026-31580} - ALSA: 6fire: fix use-after-free on disconnect (Berk Cem Goksel) [Orabug: 39273486] {CVE-2026-31581} - hwmon: (powerz) Fix use-after-free on USB disconnect (Sanman Pradhan) - media: em28xx: fix use-after-free in em28xx_v4l2_open() (Abhishek Kumar) [Orabug: 39273493] {CVE-2026-31583} - media: mediatek: vcodec: fix use-after-free in encoder release path (Fan Wu) - media: vidtv: fix nfeeds state corruption on start_streaming failure (Ruslan Valiyev) - mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() (Breno Leitao) [Orabug: 39273507] {CVE-2026-31586} - mm/kasan: fix double free for kasan pXds (Ritesh Harjani) - ASoC: qcom: q6apm: move component registration to unmanaged version (Srinivas Kandagatla) - KVM: x86: Use scratch field in MMIO fragment to hold small write values (Sean Christopherson) [Orabug: 39273521] {CVE-2026-31588} - x86-64/arm64/powerpc: clean up and rename __copy_from_user_flushcache (Linus Torvalds) - x86: rename and clean up __copy_from_user_inatomic_nocache() (Linus Torvalds) - x86-64: rename misleadingly named '__copy_user_nocache()' function (Linus Torvalds) [Orabug: 39323162] {CVE-2026-43073} - checkpatch: add support for Assisted-by tag (Sasha Levin) - KVM: x86: Use __DECLARE_FLEX_ARRAY() for UAPI structures with VLAs (David Woodhouse) - KVM: Remove subtle "struct kvm_stats_desc" pseudo-overlay (Sean Christopherson) - kernel: be more careful about dup_mmap() failures and uprobe registering (Liam R. Howlett) {CVE-2025-21709} - net: sched: fix TCF_LAYER_TRANSPORT handling in tcf_get_base_ptr() (Eric Dumazet) - gpiolib: fix race condition for gdev->srcu (Paweł Narewski) [Orabug: 38887677] {CVE-2026-22986} - gpiolib: unify two loops initializing GPIO descriptors (Bartosz Golaszewski) - KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION (Sean Christopherson) [Orabug: 39273529] {CVE-2026-31590} - KVM: SEV: Disallow LAUNCH_FINISH if vCPUs are actively being created (Sean Christopherson) - KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU (Sean Christopherson) [Orabug: 39273553] {CVE-2026-31593} - PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup (Koichiro Den) - ocfs2: handle invalid dinode in ocfs2_group_extend (Zhengyuan Huang) [Orabug: 39273569] {CVE-2026-31596} - ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY (Tejas Bharambe) [Orabug: 39273578] {CVE-2026-31597} - ocfs2: fix possible deadlock between unlink and dio_end_io_write (Joseph Qi) [Orabug: 39273586] {CVE-2026-31598} - media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections (Ruslan Valiyev) - dcache: Limit the minimal number of bucket to two (Zhihao Cheng) [Orabug: 39323133] {CVE-2026-43071} - ALSA: ctxfi: Limit PTP to a single page (Harin Lee) [Orabug: 39273608] {CVE-2026-31602} - Docs/admin-guide/mm/damon/reclaim: warn commit_inputs vs param updates race (Seongjae Park) - USB: serial: option: add Telit Cinterion FN990A MBIM composition (Fabio Porcedda) - staging: sm750fb: fix division by zero in ps_to_hz() (Junrui Luo) - wifi: rtw88: fix device leak on probe failure (Johan Hovold) [Orabug: 39273620] {CVE-2026-31604} - scripts: generate_rust_analyzer.py: avoid FD leak (Tamir Duberstein) - fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO (Greg Kroah-Hartman) - usb: port: add delay after usb_hub_set_port_power() (Xu Yang) - usb: gadget: f_hid: don't call cdev_init while cdev in use (Michael Zimmermann) - USB: cdc-acm: Add quirks for Yoga Book 9 14IAH10 INGENIC touchscreen (Dave Carey) - usb: storage: Expand range of matched versions for VL817 quirks entry (Daniel Brát) - usbip: validate number_of_packets in usbip_pack_ret_submit() (Nathan Rebello) [Orabug: 39273631] {CVE-2026-31607} - ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc (Greg Kroah-Hartman) - ksmbd: require 3 sub-authorities before reading sub_auth[2] (Greg Kroah-Hartman) - ksmbd: validate EaNameLength in smb2_get_ea() (Greg Kroah-Hartman) - smb: client: fix off-by-8 bounds check in check_wsl_eas() (Greg Kroah-Hartman) [Orabug: 39273654] {CVE-2026-31614} - usb: gadget: renesas_usb3: validate endpoint index in standard request handlers (Greg Kroah-Hartman) - usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() (Greg Kroah-Hartman) - usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() (Greg Kroah-Hartman) - fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO (Greg Kroah-Hartman) - ALSA: fireworks: bound device-supplied status before string array lookup (Greg Kroah-Hartman) - drm/vc4: platform_get_irq_byname() returns an int (Greg Kroah-Hartman) [Orabug: 39323149] {CVE-2026-43072} - NFC: digital: Bounds check NFC-A cascade depth in SDD response handler (Greg Kroah-Hartman) - net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() (Greg Kroah-Hartman) - HID: core: clamp report_size in s32ton() to avoid undefined shift (Greg Kroah-Hartman) [Orabug: 39273696] {CVE-2026-31624} - HID: alps: fix NULL pointer dereference in alps_raw_event() (Greg Kroah-Hartman) [Orabug: 39273704] {CVE-2026-31625} - staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() (Lin Yu Chen) - i2c: s3c24xx: check the size of the SMBUS message before using it (Greg Kroah-Hartman) - can: raw: fix ro->uniq use-after-free in raw_rcv() (Samuel Page) [Orabug: 39273446] {CVE-2026-31532} - nfc: llcp: add missing return after LLCP_CLOSED checks (Junxi Qian) - idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling (Emil Tantilov) [Orabug: 39262348] {CVE-2026-31647} - ALSA: usb-audio: Improve Focusrite sample rate filtering (Geoffrey D. Bennett) - thermal: core: Address thermal zone removal races with resume (Rafael J. Wysocki) [Orabug: 39300675] {CVE-2026-31731} - thermal: core: Mark thermal zones as exiting before unregistration (Rafael J. Wysocki) - netfilter: conntrack: add missing netlink policy validations (Florian Westphal) [Orabug: 39171449] {CVE-2026-31407} - crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39331103] {CVE-2026-43077} - perf/x86/intel/uncore: Skip discovery table for offline dies (Zide Chen) [Orabug: 39331114] {CVE-2026-43079} - crypto: af_alg - limit RX SG extraction by receive buffer budget (Douya Le) [Orabug: 39263372] {CVE-2026-31677} - gpio: tegra: fix irq_release_resources calling enable instead of disable (Samasth Norway Ananda) - l2tp: Drop large packets with UDP encap (Alice Mikityanska) [Orabug: 39331124] {CVE-2026-43080} - net: ipa: fix event ring index not programmed for IPA v5.0+ (Alexander Koskovich) - net: ipa: fix GENERIC_CMD register field masks for IPA v5.0+ (Alexander Koskovich) - af_unix: read UNIX_DIAG_VFS data under unix_state_lock (Jiexun Wang) [Orabug: 39263355] {CVE-2026-31673} - net: txgbe: leave space for null terminators on property_entry (Fabio Baltieri) - netfilter: ip6t_eui64: reject invalid MAC header for all packets (Zhengchuan Liang) [Orabug: 39263405] {CVE-2026-31685} - netfilter: xt_multiport: validate range encoding in checkentry (Ao Zhou) [Orabug: 39263387] {CVE-2026-31681} - netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator (Xiang Mei) [Orabug: 39331144] {CVE-2026-43085} - ipvs: fix NULL deref in ip_vs_add_service error path (Weiming Shi) [Orabug: 39331151] {CVE-2026-43086} - selftests: net: bridge_vlan_mcast: wait for h1 before querier check (Daniel Golle) - xfrm_user: fix info leak in build_mapping() (Greg Kroah-Hartman) [Orabug: 39331162] {CVE-2026-43089} - xfrm: fix refcount leak in xfrm_migrate_policy_find (Kotlyarov Mihail) [Orabug: 39331168] {CVE-2026-43090} - xfrm: Wait for RCU readers during policy netns exit (Steffen Klassert) [Orabug: 39331170] {CVE-2026-43091} - xsk: validate MTU against usable frame size on bind (Maciej Fijalkowski) [Orabug: 39331178] {CVE-2026-43092} - xsk: fix XDP_UMEM_SG_FLAG issues (Maciej Fijalkowski) - xsk: respect tailroom for ZC setups (Maciej Fijalkowski) - xsk: tighten UMEM headroom validation to account for tailroom and min frame (Maciej Fijalkowski) [Orabug: 39331180] {CVE-2026-43093} - e1000: check return value of e1000_read_eeprom (Agalakov Daniil) - ixgbevf: add missing negotiate_features op to Hyper-V ops table (Michal Schmidt) [Orabug: 39331185] {CVE-2026-43094} - tracing/probe: reject non-closed empty immediate strings (Pengpeng Hou) - dt-bindings: net: Fix Tegra234 MGBE PTP clock (Jonathan Hunter) - net: stmmac: Fix PTP ref clock for Tegra234 (Jonathan Hunter) - nfc: s3fwrn5: allocate rx skb before consuming bytes (Pengpeng Hou) - net: increase IP_TUNNEL_RECURSION_LIMIT to 5 (Chris J Arges) - ipv4: icmp: fix null-ptr-deref in icmp_build_probe() (Yiqi Sun) [Orabug: 39331197] {CVE-2026-43099} - ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop() (Fernando Fernandez Mancera) [Orabug: 39257881] {CVE-2026-31531} - ipv4: nexthop: avoid duplicate NHA_HW_STATS_ENABLE on nexthop group dump (Fernando Fernandez Mancera) - net: lapbether: handle NETDEV_PRE_TYPE_CHANGE (Eric Dumazet) - net: sched: act_csum: validate nested VLAN headers (Ruide Cao) [Orabug: 39263400] {CVE-2026-31684} - eventpoll: defer struct eventpoll free to RCU grace period (Nicholas Carlini) [Orabug: 39331087] {CVE-2026-43074} - drm/vc4: Protect madv read in vc4_gem_object_mmap() with madv_lock (Maíra Canal) - drm/vc4: Fix a memory leak in hang state error path (Maíra Canal) [Orabug: 39331211] {CVE-2026-43104} - drm/vc4: Fix memory leak of BO array in hang state (Maíra Canal) [Orabug: 39331215] {CVE-2026-43105} - drm/vc4: Release runtime PM reference after binding V3D (Maíra Canal) - xfrm: account XFRMA_IF_ID in aevent size calculation (Keenan Dong) [Orabug: 39331223] {CVE-2026-43107} - HID: amd_sfh: don't log error when device discovery fails with -EOPNOTSUPP (Maximilian Pezzullo) - PCI: hv: Set default NUMA node to 0 for devices without affinity info (Long Li) - tools/power/turbostat: Fix microcode patch level output for AMD/Hygon (Serhii Pievniev) - soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei (Mukesh Ojha) - arm64: dts: imx93-tqma9352: improve eMMC pad configuration (Markus Niebel) - arm64: dts: imx93-9x9-qsb: change usdhc tuning step for eMMC and SD (Luke Wang) - arm64: dts: imx8mq: Set the correct gpu_ahb clock frequency (Sebastian Krzyszkowiak) - arm64: dts: qcom: hamoa/x1: fix idle exit latency (Daniel J Blueman) - soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (Potin Lai) - ASoC: stm32_sai: fix incorrect BCLK polarity for DSP_A/B, LEFT_J (Tomasz Merta) - net: sfp: add quirks for Hisense and HSGQ GPON ONT SFP modules (John Pavlick) - wifi: brcmfmac: validate bsscfg indices in IF events (Pengpeng Hou) [Orabug: 39331236] {CVE-2026-43110} - ata: ahci: force 32-bit DMA for JMicron JMB582/JMB585 (Arthur Husband) - HID: roccat: fix use-after-free in roccat_report_event (Benoît Sevens) [Orabug: 39331243] {CVE-2026-43111} - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14IAH10 (Songxiebing) - HID: quirks: add HID_QUIRK_ALWAYS_POLL for 8BitDo Pro 3 (Leo Vriska) - platform/x86/amd: pmc: Add Thinkpad L14 Gen3 to quirk_s2idle_bug (Mario Limonciello) - pinctrl: intel: Fix the revision for new features (1kOhm PD, HW debouncer) (Andy Shevchenko) - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14IMH9 (Alexander Savenko) - ASoC: amd: yc: Add DMI entry for HP Laptop 15-fc0xxx (Gilson Marquato Júnior) - fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath (Fredric Cover) [Orabug: 39331248] {CVE-2026-43112} - ALSA: usb-audio: Fix quirk flags for NeuralDSP Quad Cortex (Phil Willoughby) - ALSA: hda/realtek: Add quirk for Samsung Book2 Pro 360 (NP950QED) (Takashi Iwai) - ASoC: soc-core: call missing INIT_LIST_HEAD() for card_aux_list (Kuninori Morimoto) - wifi: wl1251: validate packet IDs before indexing tx_frames (Pengpeng Hou) [Orabug: 39331253] {CVE-2026-43113} - ALSA: hda/realtek: add quirk for Framework F111:000F (Dustin L. Howett) - netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry (Florian Westphal) {CVE-2026-43114} - drm/amdgpu: Handle GPU page faults correctly on non-4K page systems (Donet Tom) - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion 15-eg0xxx (César Montoya) - btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (Goldwyn Rodrigues) [Orabug: 39331279] {CVE-2026-43117} - platform/x86: asus-nb-wmi: add DMI quirk for ASUS ROG Flow Z13-KJP GZ302EAC (Matthew Schwartz) - can: mcp251x: add error handling for power enable in open and resume (Wenyuan Li) - ASoC: SOF: topology: reject invalid vendor array size in token parser (Cássio Gabriel) - ASoC: amd: yc: Add DMI quirk for Thin A15 B7VF (Zhang Heng) - Bluetooth: hci_sync: annotate data-races around hdev->req_status (Cen Zhang) [Orabug: 39331291] {CVE-2026-43119} - ALSA: asihpi: avoid write overflow check warning (Arnd Bergmann) - media: rkvdec: reduce stack usage in rkvdec_init_v4l2_vp9_count_tbl() (Arnd Bergmann) - ALSA: hda/realtek: Add quirk for ASUS ROG Flow Z13-KJP GZ302EAC (Matthew Schwartz) - ALSA: hda/realtek: Add HP ENVY Laptop 13-ba0xxx quirk (Andrii Kovalchuk) - ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK BM1403CDA (Vee Satayamas) - RDMA/irdma: Fix double free related to rereg_user_mr (Jacob Moroni) [Orabug: 39331295] {CVE-2026-43120} - LTS version: v6.12.82 (Sherry Yang) - ALSA: hda/hdmi: Add quirk for TUXEDO IBS14G6 (Aaron Erhardt) - net: skb: fix cross-cache free of KFENCE-allocated skb head (Jiayuan Chen) [Orabug: 39238726] {CVE-2026-31429} - rxrpc: Fix missing error checks for rxkad encryption/decryption failure (David Howells) - rxrpc: Fix key/keyring checks in setsockopt(RXRPC_SECURITY_KEY/KEYRING) (David Howells) - rxrpc: fix reference count leak in rxrpc_server_keyring() (Luxiao Xu) [Orabug: 39262320] {CVE-2026-31634} - rxrpc: reject undecryptable rxkad response tickets (Yuqi Xu) - rxrpc: Only put the call ref if one was acquired (Douya Le) [Orabug: 39262331] {CVE-2026-31638} - rxrpc: Fix key reference count leak from call->key (Anderson Nascimento) [Orabug: 39262333] {CVE-2026-31639} - rxrpc: Fix call removal to use RCU safe deletion (David Howells) [Orabug: 39262337] {CVE-2026-31642} - rxrpc: Fix anonymous key handling (David Howells) - net: lan966x: fix use-after-free and leak in lan966x_fdma_reload() (David Carlier) - net: lan966x: fix page pool leak in error paths (David Carlier) - net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool() (David Carlier) - idpf: set the payload size before calling the async handler (Emil Tantilov) - idpf: improve locking around idpf_vc_xn_push_free() (Emil Tantilov) - mm: filemap: fix nr_pages calculation overflow in filemap_map_pages() (Baolin Wang) [Orabug: 39262350] {CVE-2026-31648} - net: stmmac: fix integer underflow in chain mode (Tyllis Xu) [Orabug: 39262352] {CVE-2026-31649} - net: qualcomm: qca_uart: report the consumed byte on RX skb allocation failure (Pengpeng Hou) - mmc: vub300: fix NULL-deref on disconnect (Johan Hovold) [Orabug: 39262358] {CVE-2026-31651} - pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled (Jacky Bai) - net/mlx5: Update the list of the PCI supported devices (Michael Guralnik) - drm/i915/psr: Do not use pipe_src as borders for SU area (Jouni Högander) - drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (Sebastian Brzezinka) [Orabug: 39262370] {CVE-2026-31656} - batman-adv: hold claim backbone gateways by reference (Haoze Xie) [Orabug: 39262373] {CVE-2026-31657} - net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() (David Carlier) [Orabug: 39262377] {CVE-2026-31658} - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (M A Ramdhan) [Orabug: 39257890] {CVE-2026-31533} - EDAC/mc: Fix error path ordering in edac_mc_alloc() (Borislav Petkov) [Orabug: 39273747] {CVE-2026-31689} - X.509: Fix out-of-bounds access when parsing extensions (Lukas Wunner) [Orabug: 39238730] {CVE-2026-31430} - batman-adv: reject oversized global TT response buffers (Ruide Cao) [Orabug: 39262381] {CVE-2026-31659} - nfc: pn533: allocate rx skb before consuming bytes (Pengpeng Hou) - arm64: dts: hisilicon: hi3798cv200: Add missing dma-ranges (Shawn Guo) - arm64: dts: hisilicon: poplar: Correct PCIe reset GPIO polarity (Shawn Guo) - arm64: dts: imx8mq-librem5: Bump BUCK1 suspend voltage up to 0.85V (Sebastian Krzyszkowiak) - Revert "arm64: dts: imx8mq-librem5: Set the DVS voltages lower" (Sebastian Krzyszkowiak) - platform/x86/intel-uncore-freq: Handle autonomous UFS status bit (Srinivas Pandruvada) - wifi: brcmsmac: Fix dma_free_coherent() size (Thomas Fourier) [Orabug: 39262389] {CVE-2026-31661} - tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (Oleh Konko) [Orabug: 39262393] {CVE-2026-31662} - xfrm: clear trailing padding in build_polexpire() (Yasuaki Torimaru) [Orabug: 39262401] {CVE-2026-31664} - workqueue: Add pool_workqueue to pending_pwqs list when unplugging multiple inactive works (Matthew Brost) - netfilter: nft_ct: fix use-after-free in timeout object destroy (Tuan Do) [Orabug: 39262406] {CVE-2026-31665} - LoongArch: Handle percpu handler address for ORC unwinder (Tiezhu Yang) - LoongArch: Remove unnecessary checks for ORC unwinder (Tiezhu Yang) - net: annotate data-races around sk->sk_{data_ready,write_space} (Eric Dumazet) [Orabug: 39130795] {CVE-2026-23302} - Revert "mptcp: add needs_id for netlink appending addr" (Matthieu Baerts) - sched_ext: Fix stale direct dispatch state in ddsp_dsq_id (Andrea Righi) [Orabug: 39300679] {CVE-2026-31733} - misc: fastrpc: check qcom_scm_assign_mem() return in rpmsg_probe (Xingjing Deng) - arm64: dts: renesas: white-hawk-cpu-common: Add pin control for DSI-eDP IRQ (Geert Uytterhoeven) - nfc: nci: complete pending data exchange on device close (Jakub Kicinski) - blktrace: fix __this_cpu_read/write in preemptible context (Chaitanya Kulkarni) [Orabug: 39131032] {CVE-2026-23374} - btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() (Robbie Ko) [Orabug: 39262410] {CVE-2026-31666} - btrfs: remove pointless out labels from extent-tree.c (Filipe Manana) - btrfs: remove unused flag EXTENT_BUFFER_CORRUPT (Daniel Vacek) - btrfs: remove unused flag EXTENT_BUFFER_READAHEAD (Daniel Vacek) - btrfs: split waiting from read_extent_buffer_pages(), drop parameter wait (David Sterba) - btrfs: remove unused define WAIT_PAGE_LOCK for extent io (David Sterba) - btrfs: make wait_on_extent_buffer_writeback() static inline (David Sterba) - ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai() (Kuninori Morimoto) - MIPS: mm: Rewrite TLB uniquification for the hidden bit feature (Maciej W. Rozycki) - MIPS: mm: Suppress TLB uniquification on EHINV hardware (Maciej W. Rozycki) - MIPS: Always record SEGBITS in cpu_data.vmbits (Maciej W. Rozycki) - Input: uinput - take event lock when submitting FF request "event" (Dmitry Torokhov) - Input: uinput - fix circular locking dependency with ff-core (Mikhail Gavrilov) [Orabug: 39262412] {CVE-2026-31667} - seg6: separate dst_cache for input and output paths in seg6 lwtunnel (Andrea Mayer) [Orabug: 39262416] {CVE-2026-31668} - mptcp: fix slab-use-after-free in __inet_lookup_established (Jiayuan Chen) [Orabug: 39262421] {CVE-2026-31669} - net: rfkill: prevent unlimited numbers of rfkill events from being created (Greg Kroah-Hartman) [Orabug: 39262424] {CVE-2026-31670} - xfrm_user: fix info leak in build_report() (Greg Kroah-Hartman) [Orabug: 39262428] {CVE-2026-31671} - wifi: rt2x00usb: fix devres lifetime (Johan Hovold) [Orabug: 39262432] {CVE-2026-31672} - usb: typec: ucsi: skip connector validation before init (Nathan Rebello) - lib/crypto: chacha: Zeroize permuted_state before it leaves scope (Eric Biggers) [Orabug: 39343666] {CVE-2026-43336} - LTS version: v6.12.81 (Sherry Yang) - selftests/bpf: test refining u32/s32 bounds when ranges cross min/max boundary (Eduard Zingerman) - bpf: Fix u32/s32 bounds when ranges cross min/max boundary (Eduard Zingerman) - bpf: Add third round of bounds deduction (Paul Chaignon) - selftests/bpf: Test invariants on JSLT crossing sign (Paul Chaignon) - selftests/bpf: Test cross-sign 64bits range refinement (Paul Chaignon) - bpf: Improve bounds when s64 crosses sign boundary (Paul Chaignon) - drm/amd/display: Correct logic check error for fastboot (Charlene Liu) - drm/amd: Disable ASPM on SI (Timur Kristóf) - drm/amd/display: Disable scaling on DCE6 for now (Timur Kristóf) - drm/amd/display: Adjust DCE 8-10 clock, don't overclock by 15% (Timur Kristóf) - drm/amd/display: Fix DCE 6.0 and 6.4 PLL programming. (Timur Kristóf) - drm/amd/display: Keep PLL0 running on DCE 6.0 and 6.4 (Timur Kristóf) - drm/amd/display: Disable fastboot on DCE 6 too (Timur Kristóf) - drm/amd/amdgpu: disable ASPM in some situations (Kenneth Feng) - drm/amd/amdgpu: decouple ASPM with pcie dpm (Kenneth Feng) - x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (Mario Limonciello) - MPTCP: fix lock class name family in pm_nl_create_listen_socket (Li Xiasong) - s390/cpum_sf: Cap sampling rate to prevent lsctl exception (Thomas Richter) - s390/perf_cpum_sf: Convert to use try_cmpxchg128() (Heiko Carstens) - ext4: publish jinode after initialization (Li Chen) [Orabug: 39250748] {CVE-2026-31450} - drm/amd/pm: disable OD_FAN_CURVE if temp or pwm range invalid for smu v13 (Yang Wang) - mm/memory: fix PMD/PUD checks in follow_pfnmap_start() (David Hildenbrand) - mm: replace READ_ONCE() with standard page table accessors (Anshuman Khandual) - mm/huge_memory: fix folio isn't locked in softleaf_to_folio() (Tu Jinjiang) {CVE-2026-31466} - x86/fred: Fix early boot failures on SEV-ES/SNP guests (Nikunj A Dadhania) - scsi: target: tcm_loop: Drain commands in target_reset handler (Josef Bacik) [Orabug: 39300989] {CVE-2026-43054} - net: mana: fix use-after-free in add_adev() error path (Guangshuo Li) [Orabug: 39302308] {CVE-2026-43056} - net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback (Willem de Bruijn) [Orabug: 39302311] {CVE-2026-43057} - spi: cadence-qspi: Fix exec_mem_op error handling (Emanuele Ghidoli) - wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free (Alexander Popov) - usb: gadget: f_uac1_legacy: validate control request size (Taegu Ha) - usb: gadget: f_hid: move list and spinlock inits from bind to alloc (Michael Zimmermann) - usb: gadget: f_rndis: Fix net_device lifecycle with device_move (Kuen-Han Tsai) - usb: gadget: f_subset: Fix net_device lifecycle with device_move (Kuen-Han Tsai) - usb: gadget: f_eem: Fix net_device lifecycle with device_move (Kuen-Han Tsai) - usb: gadget: f_ecm: Fix net_device lifecycle with device_move (Kuen-Han Tsai) - usb: gadget: f_rndis: Protect RNDIS options with mutex (Kuen-Han Tsai) - usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (Kuen-Han Tsai) - usb: gadget: uvc: fix NULL pointer dereference during unbind race (Jimmy Hu) - usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo (Kuen-Han Tsai) - usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (Kuen-Han Tsai) - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (Filipe Manana) [Orabug: 39103088] {CVE-2025-71269} - btrfs: fix the qgroup data free range for inline data extents (Qu Wenruo) - ice: Fix memory leak in ice_set_ringparam() (Zilin Guan) [Orabug: 39131082] {CVE-2026-23389} - usb: typec: ucsi: validate connector number in ucsi_notify_common() (Nathan Rebello) [Orabug: 39300670] {CVE-2026-31729} - usb: gadget: dummy_hcd: fix premature URB completion when ZLP follows partial transfer (Sebastian Urban) - USB: dummy-hcd: Fix interrupt synchronization error (Alan Stern) - USB: dummy-hcd: Fix locking/synchronization error (Alan Stern) - thunderbolt: Fix property read in nhi_wake_supported() (Konrad Dybcio) - misc: fastrpc: possible double-free of cctx->remote_heap (Xingjing Deng) - thermal: core: Fix thermal zone device registration error path (Rafael J. Wysocki) [Orabug: 39343655] {CVE-2026-43332} - gpio: mxc: map Both Edge pad wakeup to Rising Edge (Shenwei Wang) - cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path (Guangshuo Li) [Orabug: 39343644] {CVE-2026-43328} - net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled (Sven Eckelmann) - net: ftgmac100: fix ring allocation unwind on open failure (Yufan Chen) - vxlan: validate ND option lengths in vxlan_na_create (Ao Zhou) [Orabug: 39300689] {CVE-2026-31738} - crypto: tegra - Add missing CRYPTO_ALG_ASYNC (Eric Biggers) - counter: rz-mtu3-cnt: do not use struct rz_mtu3_channel's dev member (Cosmin Tanislav) - counter: rz-mtu3-cnt: prevent counter from being toggled multiple times (Cosmin Tanislav) - netfilter: ipset: drop logically empty buckets in mtype_del (Yifan Wu) [Orabug: 39205984] {CVE-2026-31418} - nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy (Ivan Vera) - nvmem: imx: assign nvmem_cell_info::raw_len (Christian Eggers) - dt-bindings: connector: add pd-disable dependency (Xu Yang) - firmware: microchip: fail auto-update probe if no flash found (Conor Dooley) - comedi: me4000: Fix potential overrun of firmware buffer (Ian Abbott) - comedi: me_daq: Fix potential overrun of firmware buffer (Ian Abbott) - comedi: ni_atmio16d: Fix invalid clean-up after failed attach (Ian Abbott) - comedi: Reinit dev->spinlock between attachments to low-level drivers (Ian Abbott) - comedi: dt2815: add hardware detection to prevent crash (Deepanshu Kartikey) - cdc-acm: new quirk for EPSON HMD (Oliver Neukum) - bridge: br_nd_send: validate ND option lengths (Ao Zhou) [Orabug: 39300723] {CVE-2026-31752} - Revert "LoongArch/orc: Use RCU in all users of __module_address()." (Sasha Levin) - Revert "LoongArch: Remove unnecessary checks for ORC unwinder" (Sasha Levin) - Revert "LoongArch: Handle percpu handler address for ORC unwinder" (Sasha Levin) - usb: cdns3: gadget: fix state inconsistency on gadget init failure (Yongchao Wu) - usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (Yongchao Wu) - usb: core: phy: avoid double use of 'usb3-phy' (Gabor Juhos) - usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (Juneho Choi) - usb: ehci-brcm: fix sleep during atomic (Justin Chen) - usb: usbtmc: Flush anchored URBs in usbtmc_release (Heitor Alves de Siqueira) [Orabug: 39300741] {CVE-2026-31758} - usb: ulpi: fix double free in ulpi_register_interface() error path (Guangshuo Li) [Orabug: 39300745] {CVE-2026-31759} - usb: quirks: add DELAY_INIT quirk for another Silicon Motion flash drive (Miao Li) - iio: gyro: mpu3050: Fix out-of-sequence free_irq() (Ethan Tidmore) - iio: gyro: mpu3050: Move iio_device_register() to correct location (Ethan Tidmore) [Orabug: 39300750] {CVE-2026-31761} - iio: gyro: mpu3050: Fix irq resource leak (Ethan Tidmore) [Orabug: 39300755] {CVE-2026-31762} - iio: gyro: mpu3050: Fix incorrect free_irq() variable (Ethan Tidmore) [Orabug: 39300760] {CVE-2026-31763} - iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (Francesco Lavra) - iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (Josh Poimboeuf) - iio: light: vcnl4035: fix scan buffer on big-endian (David Lechner) - iio: dac: ad5770r: fix error return in ad5770r_read_raw() (Antoniu Miclaus) - iio: accel: adxl380: fix FIFO watermark bit 8 always written as 0 (Antoniu Miclaus) - iio: accel: fix ADXL355 temperature signature value (Valek Andrej) - iio: adc: aspeed: clear reference voltage bits before configuring vref (Billy Tsai) - Input: xpad - add support for Razer Wolverine V3 Pro (Zoltan Illes) - Input: xpad - add support for BETOP BTP-KP50B/C controller's wireless mode (Shengyu Qu) - Input: bcm5974 - recover from failed mode switch (Liam Mitchell) - Input: i8042 - add TUXEDO InfinityBook Max 16 Gen10 AMD to i8042 quirk table (Christoffer Sandberg) - Input: synaptics-rmi4 - fix a locking bug in an error path (Bart Van Assche) - USB: core: add NO_LPM quirk for Razer Kiyo Pro webcam (Jp Hein) - USB: serial: option: add support for Rolling Wireless RW135R-GL (Wanquan Zhong) - USB: serial: io_edgeport: add support for Blackbox IC135A (Frej Drejhammar) - drm/amdgpu/pm: drop SMU driver if version not matched messages (Alex Deucher) - drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB (Donet Tom) [Orabug: 39300766] {CVE-2026-31765} - drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (Ville Syrjälä) - drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode (Ville Syrjälä) {CVE-2026-31767} - drm/ast: dp501: Fix initialization of SCU2C (Thomas Zimmermann) - iio: adc: ti-ads1119: Replace IRQF_ONESHOT with IRQF_NO_THREAD (Felix Gu) - iio: adc: ti-ads1119: Reinit completion before wait_for_completion_timeout() (Felix Gu) - iio: adc: ti-ads1119: Fix unbalanced pm reference count in ds1119_single_conversion() (Felix Gu) - iio: adc: ti-adc161s626: use DMA-safe memory for spi_read() (David Lechner) - iio: adc: ti-adc161s626: fix buffer read on big-endian (David Lechner) - drm/amdgpu: fix the idr allocation flags (Prike Liang) - mips: mm: Allocate tlb_vpn array atomically (Stefan Wiehler) - hwmon: (occ) Fix division by zero in occ_show_power_1() (Sanman Pradhan) - MIPS: Fix the GCC version check for __multi3' workaround (Maciej W. Rozycki) - MIPS: SiByte: Bring back cache initialisation (Maciej W. Rozycki) - ksmbd: fix OOB write in QUERY_INFO for compound requests (Asim Viladi Oglu Manizada) - Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync (Hkbinbin) [Orabug: 39300788] {CVE-2026-31772} - Bluetooth: SMP: force responder MITM requirements before building the pairing response (Oleh Konko) [Orabug: 39343661] {CVE-2026-43334} - Bluetooth: SMP: derive legacy responder STK authentication from MITM state (Oleh Konko) [Orabug: 39300792] {CVE-2026-31773} - io_uring/net: fix slab-out-of-bounds read in io_bundle_nbufs() (Junxi Qian) [Orabug: 39300796] {CVE-2026-31774} - ALSA: ctxfi: Fix missing SPDIFI1 index handling (Takashi Iwai) [Orabug: 39300799] {CVE-2026-31776} - ALSA: caiaq: fix stack out-of-bounds read in init_card (Berk Cem Goksel) [Orabug: 39300807] {CVE-2026-31778} - USB: serial: option: add MeiG Smart SRM825WN (Ernestas Kulik) - wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (Alexey Velichayshiy) [Orabug: 39300811] {CVE-2026-31779} - wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (Yasuaki Torimaru) - drm/ioc32: stop speculation on the drm_compat_ioctl path (Greg Kroah-Hartman) [Orabug: 39300819] {CVE-2026-31781} - riscv: kgdb: fix several debug register assignment bugs (Paul Walmsley) - sched/fair: Fix zero_vruntime tracking fix (Peter Zijlstra) - sched/fair: Use protect_slice() instead of direct comparison (Vincent Guittot) - mips: ralink: update CPU clock index (Shiji Yang) - hwmon: (occ) Fix missing newline in occ_show_extended() (Sanman Pradhan) - hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (Sanman Pradhan) - dt-bindings: gpio: fix microchip #interrupt-cells (Jamie Gibbons) - hwmon: (ltc4286) Add missing MODULE_IMPORT_NS("PMBUS") (Sanman Pradhan) - hwmon: (pxe1610) Check return value of page-select write in probe (Sanman Pradhan) - accel/qaic: Handle DBC deactivation if the owner went away (Youssef Samir) - iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (David Lechner) - Revert "drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug" (Maarten Lankhorst) - bpf: reject direct access to nullable PTR_TO_BUF pointers (Qi Tang) [Orabug: 39343658] {CVE-2026-43333} - ipv6: avoid overflows in ip6_datagram_send_ctl() (Eric Dumazet) [Orabug: 39205970] {CVE-2026-31415} - net: hsr: fix VLAN add unwind on slave errors (Luka Gejak) - net/sched: cls_flow: fix NULL pointer dereference on shared blocks (Xiang Mei) [Orabug: 39206002] {CVE-2026-31422} - net/sched: cls_fw: fix NULL pointer dereference on shared blocks (Xiang Mei) [Orabug: 39205998] {CVE-2026-31421} - net/x25: Fix overflow when accumulating packets (Martin Schiller) - net/x25: Fix potential double free of skb (Martin Schiller) - bnxt_en: Restore default stat ctxs for ULP when resource is available (Pavan Chebbi) - net/mlx5: Fix switchdev mode rollback in case of failure (Saeed Mahameed) [Orabug: 39300842] {CVE-2026-43012} - net/mlx5: Avoid "No data available" when FW version queries fail (Saeed Mahameed) - net/mlx5: lag: Check for LAG device before creating debugfs (Shay Drory) [Orabug: 39300845] {CVE-2026-43013} - net: macb: properly unregister fixed rate clocks (Fedor Pchelkin) [Orabug: 39300848] {CVE-2026-43014} - net: macb: fix clk handling on PCI glue driver removal (Fedor Pchelkin) [Orabug: 39300852] {CVE-2026-43015} - net/sched: sch_netem: fix out-of-bounds access in packet corruption (Yucheng Lu) [Orabug: 39263363] {CVE-2026-31675} - bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready(). (Kuniyuki Iwashima) [Orabug: 39300856] {CVE-2026-43016} - Bluetooth: MGMT: validate mesh send advertising payload length (Keenan Dong) [Orabug: 39300859] {CVE-2026-43017} - Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (Pauli Virtanen) [Orabug: 39300861] {CVE-2026-43018} - Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync (Pauli Virtanen) [Orabug: 39300863] {CVE-2026-43019} - Bluetooth: MGMT: validate LTK enc_size on load (Keenan Dong) [Orabug: 39300865] {CVE-2026-43020} - Bluetooth: SCO: fix race conditions in sco_sock_connect() (Cen Zhang) [Orabug: 39300878] {CVE-2026-43023} - Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (Pauli Virtanen) - netfilter: nf_tables: reject immediate NF_QUEUE verdict (Pablo Neira Ayuso) [Orabug: 39300880] {CVE-2026-43024} - netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (Pablo Neira Ayuso) [Orabug: 39206016] {CVE-2026-31424} - netfilter: ctnetlink: ignore explicit helper on new expectations (Pablo Neira Ayuso) [Orabug: 39300884] {CVE-2026-43025} - netfilter: nf_conntrack_expect: store netns and zone in expectation (Pablo Neira Ayuso) - netfilter: nf_conntrack_expect: use expect->helper (Pablo Neira Ayuso) [Orabug: 39205964] {CVE-2026-31414} - netfilter: nf_conntrack_expect: honor expectation helper field (Pablo Neira Ayuso) - netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent (Qi Tang) [Orabug: 39300888] {CVE-2026-43026} - netfilter: nf_conntrack_helper: pass helper to expect cleanup (Qi Tang) [Orabug: 39300892] {CVE-2026-43027} - netfilter: ipset: use nla_strcmp for IPSET_ATTR_NAME attr (Florian Westphal) - netfilter: x_tables: ensure names are nul-terminated (Florian Westphal) [Orabug: 39300896] {CVE-2026-43028} - netfilter: nfnetlink_log: account for netlink header size (Florian Westphal) [Orabug: 39205975] {CVE-2026-31416} - netfilter: flowtable: strictly check for maximum number of actions (Pablo Neira Ayuso) [Orabug: 39343648] {CVE-2026-43329} - net: ipv6: flowlabel: defer exclusive option free until RCU teardown (Zhengchuan Liang) [Orabug: 39263383] {CVE-2026-31680} - bpf: Fix regsafe() for pointers to packet (Alexei Starovoitov) [Orabug: 39300902] {CVE-2026-43030} - net: xilinx: axienet: Correct BD length masks to match AXIDMA IP spec (Suraj Gupta) - NFC: pn533: bound the UART receive buffer (Pengpeng Hou) - net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak (Yochai Eisenrich) [Orabug: 39300916] {CVE-2026-43035} - net: use skb_header_pointer() for TCPv4 GSO frag_off check (Guoyu Su) [Orabug: 39300920] {CVE-2026-43036} - net: introduce mangleid_features (Paolo Abeni) - net: airoha: Add missing cleanup bits in airoha_qdma_cleanup_rx_queue() (Lorenzo Bianconi) - ipv6: prevent possible UaF in addrconf_permanent_addr() (Paolo Abeni) [Orabug: 39343676] {CVE-2026-43339} - ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (Jihed Chaibi) - net: enetc: check whether the RSS algorithm is Toeplitz (Wei Fang) - net: sfp: Fix Ubiquiti U-Fiber Instant SFP module on mvneta (Marek Behún) - net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() (Xiang Mei) [Orabug: 39206010] {CVE-2026-31423} - bridge: br_nd_send: linearize skb before parsing ND options (Ao Zhou) [Orabug: 39263392] {CVE-2026-31682} - eth: fbnic: Account for page fragments when updating BDQ tail (Dimitri Daskalakis) - ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (Eric Dumazet) [Orabug: 39300924] {CVE-2026-43037} - ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (Eric Dumazet) [Orabug: 39300928] {CVE-2026-43038} - tg3: Fix race for querying speed/duplex (Thomas Bogendoerfer) - net/ipv6: ioam6: prevent schema length wraparound in trace fill (Pengpeng Hou) [Orabug: 39343684] {CVE-2026-43341} - net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak (Yochai Eisenrich) [Orabug: 39300933] {CVE-2026-43040} - net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak (Jiayuan Chen) [Orabug: 39300937] {CVE-2026-43041} - net: fec: fix the PTP periodic output sysfs interface (Csaba Buday) - crypto: af-alg - fix NULL pointer dereference in scatterwalk (Norbert Szetei) [Orabug: 39300945] {CVE-2026-43043} - crypto: caam - fix overflow on long hmac keys (Horia Geantă) - crypto: caam - fix DMA corruption on long hmac keys (Horia Geantă) - wifi: ath11k: Pass the correct value of each TID during a stop AMPDU session (Reshma Immaculate Rajkumar) - dt-bindings: auxdisplay: ht16k33: Use unevaluatedProperties to fix common property warning (Frank Li) - spi: geni-qcom: Check DMA interrupts early in ISR (Praveen Talari) - btrfs: reject root items with drop_progress and zero drop_level (Zhengyuan Huang) [Orabug: 39300957] {CVE-2026-43046} - i2c: tegra: Don't mark devices with pins as IRQ safe (Mikko Perttunen) - btrfs: reserve enough transaction items for qgroup ioctls (Filipe Manana) [Orabug: 39343672] {CVE-2026-43338} - HID: multitouch: Check to ensure report responses match the request (Lee Jones) [Orabug: 39300961] {CVE-2026-43047} - HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure (Lee Jones) [Orabug: 39300969] {CVE-2026-43049} - objtool: Fix Clang jump table detection (Josh Poimboeuf) - tg3: replace placeholder MAC address with device property (Paul Sage) - btrfs: don't take device_list_mutex when querying zone info (Johannes Thumshirn) - atm: lec: fix use-after-free in sock_def_readable() (Deepanshu Kartikey) [Orabug: 39300973] {CVE-2026-43050} - HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (Benoît Sevens) [Orabug: 39300977] {CVE-2026-43051} - wifi: mac80211: check tdls flag in ieee80211_tdls_oper (Deepanshu Kartikey) [Orabug: 39300981] {CVE-2026-43052} - HID: logitech-hidpp: Enable MX Master 4 over bluetooth (Adrian Freund) - arm64/scs: Fix handling of advance_loc4 (Pepper Gray) - io_uring/kbuf: propagate BUF_MORE through early buffer commit path (Jens Axboe) - io_uring/kbuf: fix missing BUF_MORE for incremental buffers at EOF (Jens Axboe) - io_uring/kbuf: use WRITE_ONCE() for userspace-shared buffer ring fields (Joanne Koong) - io_uring/kbuf: use READ_ONCE() for userspace-mapped memory (Caleb Sander) - io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (Jens Axboe) [Orabug: 38440272] {CVE-2025-39816} - io_uring/kbuf: enable bundles for incrementally consumed buffers (Jens Axboe) - io_uring/rw: check for NULL io_br_sel when putting a buffer (Jens Axboe) - io_uring/net: correct type for min_not_zero() cast (Jens Axboe) - io_uring: remove async/poll related provided buffer recycles (Jens Axboe) - io_uring/kbuf: switch to storing struct io_buffer_list locally (Jens Axboe) - io_uring/net: use struct io_br_sel->val as the send finish value (Jens Axboe) - io_uring/net: use struct io_br_sel->val as the recv finish value (Jens Axboe) - io_uring/kbuf: use struct io_br_sel for multiple buffers picking (Jens Axboe) - io_uring/kbuf: introduce struct io_br_sel (Jens Axboe) - io_uring/kbuf: pass in struct io_buffer_list to commit/recycle helpers (Jens Axboe) - io_uring/net: clarify io_recv_buf_select() return value (Jens Axboe) - io_uring/net: don't use io_net_kbuf_recyle() for non-provided cases (Jens Axboe) - io_uring/kbuf: drop 'issue_flags' from io_put_kbuf(s)() arguments (Jens Axboe) - io_uring/kbuf: uninline __io_put_kbufs (Pavel Begunkov) - io_uring/kbuf: introduce io_kbuf_drop_legacy() (Pavel Begunkov) - io_uring/kbuf: open code __io_put_kbuf() (Pavel Begunkov) - io_uring/kbuf: remove legacy kbuf caching (Pavel Begunkov) - io_uring/kbuf: simplify __io_put_kbuf (Pavel Begunkov) - io_uring/kbuf: remove legacy kbuf kmem cache (Pavel Begunkov) - io_uring/kbuf: remove legacy kbuf bulk allocation (Pavel Begunkov) - LTS version: v6.12.80 (Sherry Yang) - idpf: nullify pointers after they are freed (Li Li) - net: bcmasp: Fix network filter wake for asp-3.0 (Justin Chen) - net: bcmasp: Restore programming of TX map vector register (Florian Fainelli) - dmaengine: idxd: Fix leaking event log memory (Vinicius Costa Gomes) [Orabug: 39250715] {CVE-2026-31440} - futex: Require sys_futex_requeue() to have identical flags (Peter Zijlstra) [Orabug: 39262271] {CVE-2026-31554} - xen/privcmd: unregister xenstore notifier on module exit (Guohan Zhao) - btrfs: fix lost error when running device stats on multiple devices fs (Filipe Manana) - btrfs: fix leak of kobject name for sub-group space_info (Shin'Ichiro Kawasaki) [Orabug: 39250698] {CVE-2026-31434} - btrfs: fix super block offset in error message in btrfs_validate_super() (Mark Harmstone) - dmaengine: xilinx_dma: Fix reset related timeout with two-channel AXIDMA (Tomi Valkeinen) - dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (Marek Vasut) - dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (Marek Vasut) - dmaengine: xilinx: xilinx_dma: Fix dma_device directions (Marek Vasut) - dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (Tuo Li) [Orabug: 39250704] {CVE-2026-31436} - netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators (Deepanshu Kartikey) [Orabug: 39250710] {CVE-2026-31438} - dmaengine: xilinx: xdma: Fix regmap init error handling (Alexander Stein) - dmaengine: dw-edma: Fix multiple times setting of the CYCLE_STATE and CYCLE_BIT bits for HDMA. (Luo Haowen) - phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (Felix Gu) - dmaengine: idxd: Fix freeing the allocated ida too late (Vinicius Costa Gomes) - dmaengine: idxd: Fix memory leak when a wq is reset (Vinicius Costa Gomes) [Orabug: 39250719] {CVE-2026-31441} - dmaengine: idxd: Fix not releasing workqueue on .release() (Vinicius Costa Gomes) [Orabug: 39323059] {CVE-2026-43064} - ASoC: ak4458: Convert to RUNTIME_PM_OPS() & co (Takashi Iwai) - idpf: Fix RSS LUT NULL ptr issue after soft reset (Sreedevi Joshi) [Orabug: 38887699] {CVE-2026-22993} - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (Sreedevi Joshi) [Orabug: 38887675] {CVE-2026-22985} - idpf: detach and close netdevs while handling a reset (Emil Tantilov) [Orabug: 38887666] {CVE-2026-22981} - idpf: check error for register_netdev() on init (Emil Tantilov) [Orabug: 37844511] {CVE-2025-22116} - ice: Fix PTP NULL pointer dereference during VSI rebuild (Aaron Ma) [Orabug: 38970514] {CVE-2026-23210} - landlock: Fix handling of disconnected directories (Mickaël Salaün) [Orabug: 38798915] {CVE-2025-68736} - landlock: Optimize file path walks and prepare for audit support (Mickaël Salaün) - net: add proper RCU protection to /proc/net/ptype (Eric Dumazet) [Orabug: 39103146] {CVE-2026-23255} - virt: tdx-guest: Fix handling of host controlled 'quote' buffer length (Zubin Mithra) [Orabug: 39250829] {CVE-2026-31470} - xfs: avoid dereferencing log items after push callbacks (Yuto Ohnuki) [Orabug: 39250765] {CVE-2026-31453} - ovl: make fsync after metadata copy-up opt-in mount option (Fei Lv) - ovl: Use str_on_off() helper in ovl_show_options() (Thorsten Blum) - rust: pin-init: internal: init: document load-bearing fact of field accessors (Benno Lossin) - rust: pin-init: add references to previously initialized fields (Benno Lossin) - mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0] (Josh Law) [Orabug: 39250786] {CVE-2026-31458} - media: nxp: imx8-isi: Fix streaming cleanup on release (Richard Leitner) - LoongArch: vDSO: Emit GNU_EH_FRAME correctly (Xi Ruoyao) - drm/xe: always keep track of remap prev/next (Matthew Auld) [Orabug: 39250860] {CVE-2026-31479} - tracing: Fix potential deadlock in cpu hotplug with osnoise (Luo Haiyang) [Orabug: 39250862] {CVE-2026-31480} - tracing: Switch trace_osnoise.c code over to use guard() and __free() (Steven Rostedt) - ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() (Werner Kasselman) - powerpc64/bpf: do not increment tailcall count when prog is NULL (Hari Bathini) - arm64: dts: imx8mn-tqma8mqnl: fix LDO5 power off (Markus Niebel) - ext4: always drain queued discard work in ext4_mb_release() (Theodore Ts'O) [Orabug: 39323070] {CVE-2026-43065} - ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths (Baokun Li) [Orabug: 39323077] {CVE-2026-43066} - ext4: handle wraparound when searching for blocks for indirect mapped blocks (Theodore Ts'O) - ext4: fix the might_sleep() warnings in kvfree() (Zqiang) - ext4: fix use-after-free in update_super_work when racing with umount (Jiayuan Chen) [Orabug: 39250726] {CVE-2026-31446} - ext4: reject mount if bigalloc with s_first_data_block != 0 (Helen Koike) [Orabug: 39250729] {CVE-2026-31447} - ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() (Ye Bin) [Orabug: 39323085] {CVE-2026-43068} - ext4: avoid infinite loops caused by residual data (Edward Adam Davis) [Orabug: 39250734] {CVE-2026-31448} - ext4: validate p_idx bounds in ext4_ext_correct_indexes (Tejas Bharambe) [Orabug: 39250743] {CVE-2026-31449} - ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio (Yuto Ohnuki) [Orabug: 39250756] {CVE-2026-31451} - ext4: make recently_deleted() properly work with lazy itable initialization (Jan Kara) - ext4: fix fsync(2) for nojournal mode (Jan Kara) - ext4: fix stale xarray tags after writeback (Jan Kara) - ext4: convert inline data to extents when truncate exceeds inline size (Deepanshu Kartikey) [Orabug: 39250761] {CVE-2026-31452} - ext4: fix journal credit check when setting fscrypt context (Simon Weber) - xfs: remove file_path tracepoint data (Darrick J. Wong) - xfs: don't irele after failing to iget in xfs_attri_recover_work (Darrick J. Wong) {CVE-2026-43063} - xfs: fix ri_total validation in xlog_recover_attri_commit_pass2 (Long Li) - xfs: scrub: unlock dquot before early return in quota scrub (Hongao) [Orabug: 39262277] {CVE-2026-31556} - xfs: save ailp before dropping the AIL lock in push callbacks (Yuto Ohnuki) [Orabug: 39250774] {CVE-2026-31454} - xfs: stop reclaim before pushing AIL during unmount (Yuto Ohnuki) [Orabug: 39250777] {CVE-2026-31455} - LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust (Huacai Chen) - LoongArch: Workaround LS2K/LS7A GPU DMA hang bug (Huacai Chen) - LoongArch: Fix missing NULL checks for kstrdup() (Lijun) - drm/i915/dp_tunnel: Fix error handling when clearing stream BW in atomic state (Imre Deak) - drm/amdgpu: prevent immediate PASID reuse case (Eric Huang) [Orabug: 39250796] {CVE-2026-31462} - dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (Claudiu Beznea) - dmaengine: sh: rz-dmac: Protect the driver specific lists (Claudiu Beznea) - dmaengine: fsl-edma: fix channel parameter config for fixed channel requests (Joy Zou) - futex: Clear stale exiting pointer in futex_lock_pi() retry path (Davidlohr Bueso) [Orabug: 39262273] {CVE-2026-31555} - irqchip/qcom-mpm: Add missing mailbox TX done acknowledgment (Jassi Brar) - jbd2: gracefully abort on checkpointing state corruptions (Milos Nikic) - net: macb: Use dev_consume_skb_any() to free TX SKBs (Kevin Hao) [Orabug: 39262293] {CVE-2026-31563} - net: macb: Protect access to net_device::ip_ptr with RCU lock (Kevin Hao) - net: macb: Move devm_{free,request}_irq() out of spin lock area (Kevin Hao) - scsi: ses: Handle positive SCSI error from ses_recv_diag() (Greg Kroah-Hartman) - scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() (Tyllis Xu) - ovl: fix wrong detection of 32bit inode numbers (Amir Goldstein) - phy: qcom: qmp-ufs: Fix SM8650 PCS table for Gear 4 (Abel Vesa) - x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask (Borislav Petkov) [Orabug: 39262289] {CVE-2026-31561} - x86/cpu: Enable FSGSBASE early in cpu_init_exception_handling() (Nikunj A Dadhania) - alarmtimer: Fix argument order in alarm_timer_forward() (Zhan Xusheng) - erofs: add GFP_NOIO in the bio completion if needed (Jiucheng Xu) [Orabug: 39250817] {CVE-2026-31467} - virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false (Xietangxin) [Orabug: 39250824] {CVE-2026-31469} - media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (Yuchan Nam) [Orabug: 39250836] {CVE-2026-31473} - hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (Sanman Pradhan) - hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (Sanman Pradhan) - hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (Sanman Pradhan) - KVM: arm64: Discard PC update state on vcpu reset (Marc Zyngier) - platform/x86: ISST: Correct locked bit width (Srinivas Pandruvada) - cpufreq: conservative: Reset requested_freq on limits change (Viresh Kumar) - can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (Oliver Hartkopp) [Orabug: 39250840] {CVE-2026-31474} - can: gw: fix OOB heap access in cgw_csum_crc8_rel() (Ali Norouzi) [Orabug: 39262306] {CVE-2026-31570} - ALSA: firewire-lib: fix uninitialized local variable (Alexey Nepomnyashih) - ksmbd: do not expire session on binding failure (Hyunwoo Kim) - ksmbd: fix memory leaks and NULL deref in smb2_lock() (Werner Kasselman) - ksmbd: fix potencial OOB in get_file_all_info() for compound requests (Namjae Jeon) - ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() (Namjae Jeon) - s390/entry: Scrub r12 register on kernel entry (Vasily Gorbik) - s390/barrier: Make array_index_mask_nospec() __always_inline (Vasily Gorbik) - s390/syscalls: Add spectre boundary for syscall dispatch table (Greg Kroah-Hartman) - spi: spi-fsl-lpspi: fix teardown order issue (UAF) (Marc Kleine-Budde) - ASoC: adau1372: Fix clock leak on PLL lock failure (Jihed Chaibi) - ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (Jihed Chaibi) - sysctl: fix uninitialized variable in proc_do_large_bitmap (Marc Buerg) - hwmon: (pmbus) Introduce the concept of "write-only" attributes (Guenter Roeck) - hwmon: (pmbus) Mark lowest/average/highest/rated attributes as read-only (Guenter Roeck) - hwmon: (pmbus/core) Fix various coding style issues (Guenter Roeck) - hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (Sanman Pradhan) - drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (Srinivasan Shanmugam) [Orabug: 39262299] {CVE-2026-31566} - ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (Weiming Shi) [Orabug: 39206026] {CVE-2026-31426} - spi: use generic driver_override infrastructure (Danilo Krummrich) [Orabug: 39250884] {CVE-2026-31487} - spi: Group CS related fields in struct spi_device (Andy Shevchenko) - drm/amd/display: Do not skip unrelated mode changes in DSC validation (Yussuf Khalil) [Orabug: 39250888] {CVE-2026-31488} - spi: meson-spicc: Fix double-put in remove path (Felix Gu) [Orabug: 39250890] {CVE-2026-31489} - ASoC: Intel: catpt: Fix the device initialization (Cezary Rojewski) - spi: sn-f-ospi: Fix resource leak in f_ospi_probe() (Felix Gu) - PM: hibernate: Drain trailing zero pages on userspace restore (Alberto Garcia) - drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (Samasth Norway Ananda) - x86/efi: efi_unmap_boot_services: fix calculation of ranges_to_free size (Mike Rapoport) - scsi: scsi_transport_sas: Fix the maximum channel scanning issue (Yihang Li) - RDMA/irdma: Return EINVAL for invalid arp index error (Tatyana Nikolova) - RDMA/irdma: Fix deadlock during netdev reset with active connections (Anil Samal) [Orabug: 39262296] {CVE-2026-31565} - RDMA/irdma: Remove reset check from irdma_modify_qp_to_err() (Tatyana Nikolova) - RDMA/irdma: Clean up unnecessary dereference of event->cm_node (Ivan Barrera) - RDMA/irdma: Remove a NOP wait_event() in irdma_modify_qp_roce() (Tatyana Nikolova) - RDMA/irdma: Update ibqp state to error if QP is already in error state (Tatyana Nikolova) - RDMA/irdma: Initialize free_qp completion before using it (Jacob Moroni) [Orabug: 39250897] {CVE-2026-31492} - RDMA/rw: Fall back to direct SGE on MR pool exhaustion (Chuck Lever) - ALSA: hda/realtek: Sequence GPIO2 on Star Labs StarFighter (Sean Rhodes) - regmap: Synchronize cache for the page selector (Andy Shevchenko) - net: macb: use the current queue number for stats (Paolo Valerio) [Orabug: 39250905] {CVE-2026-31494} - netfilter: ctnetlink: use netlink policy range checks (David Carlier) [Orabug: 39250911] {CVE-2026-31495} - netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (Weiming Shi) [Orabug: 39206029] {CVE-2026-31427} - netfilter: nf_conntrack_expect: skip expectations in other netns via proc (Pablo Neira Ayuso) [Orabug: 39250915] {CVE-2026-31496} - netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() (Ao Zhou) [Orabug: 39263359] {CVE-2026-31674} - netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD (Weiming Shi) [Orabug: 39206033] {CVE-2026-31428} - tls: Purge async_hold in tls_decrypt_async_wait() (Chuck Lever) [Orabug: 39164144] {CVE-2026-23414} - Bluetooth: btusb: clamp SCO altsetting table indices (Pengpeng Hou) [Orabug: 39250921] {CVE-2026-31497} - Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (Hyunwoo Kim) [Orabug: 39250925] {CVE-2026-31498} - Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (Cen Zhang) [Orabug: 39250931] {CVE-2026-31500} - Bluetooth: L2CAP: Fix send LE flow credits in ACL link (Zhang Chen) - dma-mapping: add missing inline for dma_free_attrs (Miguel Ojeda) - net: lan743x: fix duplex configuration in mac_link_up (Thangaraj Samynathan) - net: enetc: fix the output issue of 'ethtool --show-ring' (Wei Fang) - udp: Fix wildcard bind conflict check when using hash2 (Martin Kafai Lau) [Orabug: 39250946] {CVE-2026-31503} - tcp: optimize inet_use_bhash2_on_bind() (Eric Dumazet) - net: fix fanout UAF in packet_release() via NETDEV_UP race (Yochai Eisenrich) [Orabug: 39250951] {CVE-2026-31504} - ipv6: Don't remove permanent routes with exceptions from tb6_gc_hlist. (Kuniyuki Iwashima) - ipv6: Remove permanent routes from tb6_gc_hlist when all exceptions expire. (Kuniyuki Iwashima) - iavf: fix out-of-bounds writes in iavf_get_ethtool_stats() (Kohei Enju) [Orabug: 39250955] {CVE-2026-31505} - ice: use ice_update_eth_stats() for representor stats (Petr Oros) - ice: fix inverted ready check for VF representors (Petr Oros) - platform/x86: intel-hid: disable wakeup_mode during hibernation (David Mcfarland) - platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (Alok Tiwari) - net: bcmasp: fix double disable of clk (Justin Chen) - net: bcmasp: Add support for asp-v3.0 (Justin Chen) - net: bcmasp: fix double free of WoL irq (Justin Chen) [Orabug: 39250960] {CVE-2026-31506} - net: bcmasp: streamline early exit in probe (Justin Chen) - net: bcmasp: Remove support for asp-v2.0 (Justin Chen) - net: bcm: asp2: convert to phylib managed EEE (Russell King) - net: bcm: asp2: remove tx_lpi_enabled (Russell King) - net: bcm: asp2: fix LPI timer handling (Russell King) - rtnetlink: count IFLA_INFO_SLAVE_KIND in if_nlmsg_size (Sabrina Dubroca) - net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer (Qi Tang) - openvswitch: validate MPLS set/set_masked payload length (Ao Zhou) [Orabug: 39263380] {CVE-2026-31679} - openvswitch: defer tunnel netdev_put to RCU release (Ao Zhou) [Orabug: 39263376] {CVE-2026-31678} - net: openvswitch: Avoid releasing netdev before teardown completes (Toke Høiland-Jørgensen) [Orabug: 39251167] {CVE-2026-31508} - nfc: nci: fix circular locking dependency in nci_close_device (Jakub Kicinski) - ionic: fix persistent MAC address override on PF (Mohammad Heib) - pinctrl: mediatek: common: Fix probe failure for devices without EINT (Luca Leonardo Scorcia) - Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (Helen Koike) [Orabug: 39250972] {CVE-2026-31510} - Bluetooth: hci_ll: Fix firmware leak on error path (Anas Iqbal) [Orabug: 39323106] {CVE-2026-43069} - Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (Luiz Augusto von Dentz) [Orabug: 39250978] {CVE-2026-31511} - Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (Hyunwoo Kim) [Orabug: 39171453] {CVE-2026-31408} - Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (Hyunwoo Kim) [Orabug: 39250981] {CVE-2026-31512} - can: statistics: add missing atomic access in hot path (Oliver Hartkopp) - dma: swiotlb: add KMSAN annotations to swiotlb_bounce() (Shigeru Yoshida) - af_key: validate families in pfkey_send_migrate() (Eric Dumazet) [Orabug: 39250996] {CVE-2026-31515} - xfrm: prevent policy_hthresh.work from racing with netns teardown (Minwoo Ra) [Orabug: 39251000] {CVE-2026-31516} - xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (Hyunwoo Kim) [Orabug: 39171446] {CVE-2026-31406} - esp: fix skb leak with espintcp and async crypto (Sabrina Dubroca) [Orabug: 39251008] {CVE-2026-31518} - xfrm: Fix the usage of skb->sk (Steffen Klassert) - xfrm: call xdo_dev_state_delete during state update (Sabrina Dubroca) - xfrm: fix the condition on x->pcpu_num in xfrm_sa_len (Sabrina Dubroca) - xfrm: add missing extack for XFRMA_SA_PCPU in add_acquire and allocspi (Sabrina Dubroca) - i3c: master: dw-i3c: Fix missing of_node for virtual I2C adapter (Peter Yin) - ALSA: hda/realtek: add quirk for ASUS UM6702RC (Zhang Heng) - spi: intel-pci: Add support for Nova Lake mobile SPI flash (Alan Borzeszkowski) - usb: core: new quirk to handle devices with zero configurations (Jie Deng) - drm/amdgpu: fix gpu idle power consumption issue for gfx v12 (Yang Wang) - nvmet: move async event work off nvmet-wq (Chaitanya Kulkarni) [Orabug: 39262279] {CVE-2026-31557} - objtool: Handle Clang RSP musical chairs (Josh Poimboeuf) - ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (Uzair Mughal) - ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (Liucheng Lu) - btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create (Boris Burkov) [Orabug: 39251012] {CVE-2026-31519} - sched_ext: Use WRITE_ONCE() for the write side of dsq->seq update (Zhidao Su) - HID: apple: avoid memory leak in apple_report_fixup() (Günther Noack) [Orabug: 39251018] {CVE-2026-31520} - drm/ttm/tests: Fix build failure on PREEMPT_RT (Maarten Lankhorst) - ALSA: hda/senary: Ensure EAPD is enabled during init (Wangdicheng) - dma-buf: Include ioctl.h in UAPI header (Isaac J. Manjarres) - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (Mark Brown) - scsi: devinfo: Add BLIST_SKIP_IO_HINTS for Iomega ZIP (Florian Fuchs) - scsi: mpi3mr: Clear reset history on ready and recheck state after timeout (Ranjan Kumar) - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (Mark Brown) - module: Fix kernel panic when a symbol st_shndx is out of bounds (Ihor Solodrai) [Orabug: 39251025] {CVE-2026-31521} - HID: asus: add xg mobile 2023 external hardware support (Denis Benato) - HID: mcp2221: cancel last I2C command on read error (Romain Sioen) - kbuild: install-extmod-build: Package resolve_btfids if necessary (Thomas Weißschuh) - net: usb: r8152: add TRENDnet TUC-ET2G (Valentin Spreckels) - HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (Takashi Iwai) - HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (Günther Noack) [Orabug: 39251031] {CVE-2026-31522} - HID: magicmouse: fix battery reporting for Apple Magic Trackpad 2 (Julius Lehmann) - nvme-pci: ensure we're polling a polled queue (Keith Busch) {CVE-2026-31523} - platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (Hans de Goede) - platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (Leif Skunberg) - nvme-fabrics: use kfree_sensitive() for DHCHAP secrets (Daniel Hodges) - nvme-pci: cap queue creation to used queues (Keith Busch) - platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (Peter Metz) - HID: asus: avoid memory leak in asus_report_fixup() (Günther Noack) [Orabug: 39251044] {CVE-2026-31524} - bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN (Jenny Guanni Qu) [Orabug: 39251049] {CVE-2026-31525} - bpf: Release module BTF IDR before module unload (Kumar Kartikeya Dwivedi) - driver core: platform: use generic driver_override infrastructure (Danilo Krummrich) [Orabug: 39251055] {CVE-2026-31527} - driver core: generalize driver_override in struct device (Danilo Krummrich) - sh: platform_early: remove pdev->driver_override check (Danilo Krummrich) - hwmon: axi-fan: don't use driver_override as IRQ name (Danilo Krummrich) - cxl/hdm: Avoid incorrect DVSEC fallback when HDM decoders are enabled (Smita Koralahalli) - perf: Make sure to use pmu_ctx->pmu for groups (Peter Zijlstra) [Orabug: 39251060] {CVE-2026-31528} - bpf: Fix constant blinding for PROBE_MEM32 stores (Sachin Kumar) [Orabug: 39164149] {CVE-2026-23417} - cxl/port: Fix use after free of parent_port in cxl_detach_ep() (Alison Schofield) [Orabug: 39251064] {CVE-2026-31530} - LTS version: v6.12.79 (Sherry Yang) - Revert "LoongArch: Add machine_kexec_mask_interrupts() implementation" (Huacai Chen) - LTS version: v6.12.78 (Sherry Yang) - xen/privcmd: add boot control for restricted usage in domU (Juergen Gross) - xen/privcmd: restrict usage in unprivileged domU (Juergen Gross) [Orabug: 39142871] {CVE-2026-31788} - perf/x86/intel: Add missing branch counters constraint apply (Dapeng Mi) - hwmon: (max6639) Fix pulses-per-revolution implementation (Guenter Roeck) - tools/bootconfig: fix fd leak in load_xbc_file() on fstat failure (Josh Law) - lib/bootconfig: check xbc_init_node() return in override path (Josh Law) - fs/tests: exec: Remove bad test vector (Kees Cook) - drm/i915/gt: Check set_default_submission() before deferencing (Rahul Bukte) [Orabug: 39262234] {CVE-2026-31540} - ksmbd: fix use-after-free in durable v2 replay of active file handles (Hyunwoo Kim) - ksmbd: fix use-after-free of share_conf in compound request (Hyunwoo Kim) - drm/amd: fix dcn 2.01 check (Andy Nguyen) - drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (Srinivasan Shanmugam) - mtd: rawnand: brcmnand: skip DMA during panic write (Kamal Dasu) - mtd: rawnand: serialize lock/unlock against other NAND operations (Kamal Dasu) [Orabug: 39167445] {CVE-2026-23434} - mm/shmem, swap: avoid redundant Xarray lookup during swapin (Kairui Song) - mm/shmem, swap: improve cached mTHP handling and fix potential hang (Kairui Song) - mm: shmem: avoid unpaired folio_unlock() in shmem_swapin_folio() (Kemeng Shi) - mm: shmem: fix potential data corruption during shmem swapin (Baolin Wang) - mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (Pratyush Yadav) - mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (Pratyush Yadav) - x86/platform/uv: Handle deconfigured sockets (Kyle Meyer) [Orabug: 39262240] {CVE-2026-31542} - ring-buffer: Fix to update per-subbuf entries of persistent ring buffer (Masami Hiramatsu) - i2c: pxa: defer reset on Armada 3700 when recovery is used (Gabor Juhos) - i2c: fsi: Fix a potential leak in fsi_i2c_probe() (Christophe Jaillet) - i2c: cp2615: fix serial string NULL-deref at probe (Johan Hovold) - USB: serial: f81232: fix incomplete serial port generation (Ji-Ze Hong) - drm/i915/psr: Compute PSR entry_setup_frames into intel_crtc_state (Jouni Högander) - hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (Sanman Pradhan) - hwmon: (pmbus/mp2975) Add error check for pmbus_read_word_data() return value (Sanman Pradhan) - icmp: fix NULL pointer dereference in icmp_tag_validation() (Weiming Shi) [Orabug: 39136286] {CVE-2026-23398} - net: dsa: bcm_sf2: fix missing clk_disable_unprepare() in error paths (Anas Iqbal) - net: mvpp2: guard flow control update with global_tx_fc in buffer switching (Muhammad Hammad Ijaz) [Orabug: 39167454] {CVE-2026-23438} - nfnetlink_osf: validate individual option lengths in fingerprints (Weiming Shi) [Orabug: 39136282] {CVE-2026-23397} - netfilter: nf_tables: release flowtable after rcu grace period on error (Pablo Neira Ayuso) [Orabug: 39131092] {CVE-2026-23392} - netfilter: bpf: defer hook memory release until rcu readers are done (Florian Westphal) [Orabug: 39164139] {CVE-2026-23412} - net: bonding: fix NULL deref in bond_debug_rlb_hash_show (Xiang Mei) [Orabug: 39262249] {CVE-2026-31546} - udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n (Xiang Mei) [Orabug: 39167457] {CVE-2026-23439} - net/mlx5e: Fix race condition during IPSec ESN update (Jianbo Liu) [Orabug: 39167461] {CVE-2026-23440} - net/mlx5e: Prevent concurrent access to IPSec ASO context (Jianbo Liu) [Orabug: 39167464] {CVE-2026-23441} - net/mlx5: qos: Restrict RTNL area to avoid a lock cycle (Cosmin Ratiu) - net: macb: fix uninitialized rx_fs_lock (Fedor Pchelkin) - wifi: mac80211: fix NULL deref in mesh_matches_local() (Xiang Mei) [Orabug: 39136278] {CVE-2026-23396} - iavf: fix VLAN filter lost on add/delete race (Petr Oros) - igc: fix page fault in XDP TX timestamps handling (Zdenek Bouska) [Orabug: 39167476] {CVE-2026-23445} - igc: fix missing update of skb->tail in igc_xmit_frame() (Kohei Enju) - net: usb: aqc111: Do not perform PM inside suspend callback (Nikola Z. Ivanov) - clsact: Fix use-after-free in init/destroy rollback asymmetry (Daniel Borkmann) [Orabug: 39164141] {CVE-2026-23413} - net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (Tobi Gaertner) [Orabug: 39167482] {CVE-2026-23447} - net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (Tobi Gaertner) [Orabug: 39167487] {CVE-2026-23448} - net: airoha: Remove airoha_dev_stop() in airoha_remove() (Lorenzo Bianconi) - net: airoha: Read completion queue data in airoha_qdma_tx_napi_poll() (Lorenzo Bianconi) - net: airoha: fix PSE memory configuration in airoha_fe_pse_ports_init() (Lorenzo Bianconi) - net: airoha: read default PSE reserved pages value before updating (Lorenzo Bianconi) - net/sched: teql: Fix double-free in teql_master_xmit (Jamal Hadi Salim) [Orabug: 39167491] {CVE-2026-23449} - net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() (Jiayuan Chen) - PM: runtime: Fix a race condition related to device removal (Bart Van Assche) [Orabug: 39167500] {CVE-2026-23452} - sched: idle: Consolidate the handling of two special cases (Rafael J. Wysocki) - net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown (Dipayaan Roy) [Orabug: 39167505] {CVE-2026-23454} - net: bcmgenet: increase WoL poll timeout (Justin Chen) - netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (Jenny Guanni Qu) [Orabug: 39167509] {CVE-2026-23455} - netfilter: xt_time: use unsigned int for monthday bit shift (Jenny Guanni Qu) - netfilter: xt_CT: drop pending enqueued packets on template removal (Pablo Neira Ayuso) [Orabug: 39131088] {CVE-2026-23391} - netfilter: nft_ct: drop pending enqueued packets on removal (Pablo Neira Ayuso) [Orabug: 39322991] {CVE-2026-43060} - nf_tables: nft_dynset: fix possible stateful expression memleak in error path (Pablo Neira Ayuso) [Orabug: 39139839] {CVE-2026-23399} - netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (Jenny Guanni Qu) [Orabug: 39167513] {CVE-2026-23456} - netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (Lukas Johannes Möller) [Orabug: 39167517] {CVE-2026-23457} - netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (Hyunwoo Kim) [Orabug: 39167521] {CVE-2026-23458} - netfilter: ctnetlink: remove refcounting in expectation dumpers (Florian Westphal) [Orabug: 38423445] {CVE-2025-39764} - mpls: add missing unregister_netdevice_notifier to mpls_init (Sabrina Dubroca) - net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (Jiayuan Chen) - bridge: cfm: Fix race condition in peer_mep deletion (Hyunwoo Kim) - Bluetooth: qca: fix ROM version reading on WCN3998 chips (Dmitry Baryshkov) - Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (Shaurya Rane) [Orabug: 39167531] {CVE-2026-23461} - Bluetooth: HIDP: Fix possible UAF (Luiz Augusto von Dentz) [Orabug: 39167533] {CVE-2026-23462} - Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers (Wang Tao) [Orabug: 39322983] {CVE-2026-43059} - Bluetooth: hci_sync: Fix hci_le_create_conn_sync (Michael Grzeschik) - Bluetooth: ISO: Fix defer tests being unstable (Luiz Augusto von Dentz) - Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (Christian Eggers) - Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (Christian Eggers) - Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (Christian Eggers) - firmware: arm_scpi: Fix device_node reference leak in probe path (Felix Gu) - firmware: arm_ffa: Remove vm_id argument in ffa_rxtx_unmap() (Levi Yun) - arm64: dts: renesas: r9a09g057: Remove wdt{0,2,3} nodes (Fabrizio Castro) - arm64: dts: renesas: r9a09g057: Add RTC node (Ovidiu Panait) - wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (Peddolla Harshavardhan Reddy) [Orabug: 39262255] {CVE-2026-31548} - wifi: mac80211: Fix static_branch_dec() underflow for aql_disable. (Kuniyuki Iwashima) [Orabug: 39262266] {CVE-2026-31551} - soc: fsl: cpm1: qmc: Fix error check for devm_ioremap_resource() in qmc_qe_init_resources() (Chen Ni) - soc: fsl: qbman: fix race condition in qman_destroy_fq (Richard Genoud) - cache: ax45mp: Fix device node reference leak in ax45mp_cache_init() (Felix Gu) - cache: starfive: fix device node leak in starlink_cache_init() (Felix Gu) - soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe() (Zilin Guan) - btrfs: tree-checker: fix misleading root drop_level error message (Zhengyuan Huang) - btrfs: log new dentries when logging parent dir of a conflicting inode (Filipe Manana) [Orabug: 39167544] {CVE-2026-23465} - ata: libata-scsi: report correct sense field pointer in ata_scsiop_maint_in() (Damien Le Moal) - ata: libata-scsi: Return residual for emulated SCSI commands (Damien Le Moal) - Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (Luiz Augusto von Dentz) [Orabug: 39131104] {CVE-2026-23395} - drm/xe: Open-code GGTT MMIO access protection (Matthew Brost) - drm/xe/oa: Allow reading after disabling OA stream (Ashutosh Dixit) - drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (Alex Deucher) - drm/radeon: apply state adjust rules to some additional HAINAN vairants (Alex Deucher) - drm/imagination: Fix deadlock in soft reset sequence (Alessio Belle) - drm/amdgpu/mmhub4.1.0: add bounds checking for cid (Alex Deucher) - drm/amdgpu/mmhub3.0: add bounds checking for cid (Alex Deucher) - drm/amdgpu/mmhub3.0.2: add bounds checking for cid (Alex Deucher) - drm/amdgpu/mmhub3.0.1: add bounds checking for cid (Alex Deucher) - drm/amdgpu/mmhub2.3: add bounds checking for cid (Alex Deucher) - drm/amdgpu/mmhub2.0: add bounds checking for cid (Alex Deucher) - drm/amdgpu/gmc9.0: add bounds checking for cid (Alex Deucher) - drm/amd/display: Wrap dcn32_override_min_req_memclk() in DC_FP_{START, END} (Xi Ruoyao) - drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug (Maarten Lankhorst) - io_uring/kbuf: propagate BUF_MORE through early buffer commit path (Jens Axboe) - serial: uartlite: fix PM runtime usage count underflow on probe (Maciej Andrzejewski Iceye) - serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (Ilpo Järvinen) - serial: 8250: Fix TX deadlock when using DMA (Raul E Rangel) [Orabug: 39323000] {CVE-2026-43061} - serial: 8250_pci: add support for the AX99100 (Martin Roukala) - iommu/vt-d: Fix intel iommu iotlb sync hardlockup and retry (Guanghui Feng) - mtd: Avoid boot crash in RedBoot partition table parser (Finn Thain) [Orabug: 39167570] {CVE-2026-23474} - mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (Chen Ni) - mtd: rawnand: pl353: make sure optimal timings are applied (Olivier Sobrie) - spi: fix statistics allocation (Johan Hovold) [Orabug: 39167574] {CVE-2026-23475} - spi: fix use-after-free on controller registration failure (Johan Hovold) [Orabug: 39167576] {CVE-2026-31389} - pmdomain: bcm: bcm2835-power: Increase ASB control timeout (Maíra Canal) [Orabug: 39262262] {CVE-2026-31550} - mmc: sdhci: fix timing selection for 1-bit bus width (Luke Wang) - mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (Matthew Schwartz) - ata: libata-core: disable LPM on ADATA SU680 SSD (Damien Le Moal) - batman-adv: avoid OGM aggregation when skb tailroom is insufficient (Ao Zhou) [Orabug: 39263396] {CVE-2026-31683} - btrfs: fix transaction abort when snapshotting received subvolumes (Filipe Manana) [Orabug: 39343743] {CVE-2026-43361} - kprobes: Remove unneeded warnings from __arm_kprobe_ftrace() (Masami Hiramatsu) - kprobes: Remove unneeded goto (Masami Hiramatsu) - powerpc64/bpf: fix kfunc call support (Hari Bathini) - powerpc64/bpf: Fold bpf_jit_emit_func_call_hlp() into bpf_jit_emit_func_call_rel() (Naveen N Rao) - s390/zcrypt: Enable AUTOSEL_DOM for CCA serialnr sysfs attribute (Harald Freudenberger) - drm/i915/psr: Write DSC parameters on Selective Update in ET mode (Jouni Högander) - drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (Jouni Högander) - drm/i915/dsc: Add Selective Update register definitions (Jouni Högander) - ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION (Namjae Jeon) - ksmbd: unset conn->binding on failed binding request (Namjae Jeon) - smb: client: fix krb5 mount with username option (Paulo Alcantara) [Orabug: 39167586] {CVE-2026-31392} - Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (Lukas Johannes Möller) [Orabug: 39167590] {CVE-2026-31393} - Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (Lukas Johannes Möller) [Orabug: 39323031] {CVE-2026-43062} - mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations (Felix Fietkau) [Orabug: 39167595] {CVE-2026-31394} - parisc: Flush correct cache in cacheflush() syscall (Helge Deller) - net: macb: fix use-after-free access to PTP clock (Fedor Pchelkin) [Orabug: 39167599] {CVE-2026-31396} - NFC: nxp-nci: allow GPIOs to sleep (Ian Ray) - LoongArch: Give more information if kmem access failed (Tiezhu Yang) - nvdimm/bus: Fix potential use after free in asynchronous initialization (Ira Weiny) [Orabug: 39167605] {CVE-2026-31399} - sunrpc: fix cache_request leak in cache_release (Jeff Layton) [Orabug: 39167609] {CVE-2026-31400} - HID: bpf: prevent buffer overflow in hid_hw_request (Benjamin Tissoires) - selftests/hid: fix compilation when bpf_wq and hid_device are not exported (Benjamin Tissoires) - NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (Chuck Lever) [Orabug: 39167619] {CVE-2026-31403} - drm/amdgpu: Add basic validation for RAS header (Lijo Lazar) [Orabug: 38254044] {CVE-2025-38426} - drm/amd/pm: Use pm_display_cfg in legacy DPM (v2) (Timur Kristóf) - drm/amd/display: Add pixel_clock to amd_pp_display_configuration (Timur Kristóf) - drm/i915/psr: Repeat Selective Update area alignment (Jouni Högander) - drm/i915/alpm: ALPM disable fixes (Jouni Högander) - s390/xor: Fix xor_xc_2() inline assembly constraints (Heiko Carstens) - s390/stackleak: Fix __stackleak_poison() inline assembly constraint (Heiko Carstens) - sched/fair: Fix zero_vruntime tracking (Peter Zijlstra) - sched_ext: Remove redundant css_put() in scx_cgroup_init() (Cheng-Yang Chou) [Orabug: 39343945] {CVE-2026-43438} - mm: thp: deny THP for files on anonymous inodes (Deepanshu Kartikey) [Orabug: 39131037] {CVE-2026-23375} - erofs: fix inline data read failure for ztailpacking pclusters (Gao Xiang) [Orabug: 39451908] {CVE-2026-45943} - xfs: get rid of the xchk_xfile_*_descr calls (Darrick J. Wong) [Orabug: 39103135] {CVE-2026-23252} - binfmt_misc: restore write access before closing files opened by open_exec() (Zilin Guan) [Orabug: 38773484] {CVE-2025-68239} - net: dsa: properly keep track of conduit reference (Vladimir Oltean) [Orabug: 38887610] {CVE-2025-71152} - dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() (Guodong Xu) - blk-throttle: fix access race during throttle policy activation (Han Guangjiang) [Orabug: 38649132] {CVE-2025-40147} - f2fs: fix to avoid migrating empty section (Chao Yu) - f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic (Zhiguo Niu) - f2fs: compress: change the first parameter of page_array_{alloc,free} to sbi (Zhiguo Niu) - net: stmmac: remove support for lpi_intr_o (Russell King) - mptcp: pm: in-kernel: always set ID as avail when rm endp (Matthieu Baerts) [Orabug: 39331851] {CVE-2026-43252} - platform/x86/amd/pmc: Add support for Van Gogh SoC (Antheas Kapenekakis) [Orabug: 38792613] {CVE-2025-68334} - x86/uprobes: Fix XOL allocation failure for 32-bit tasks (Oleg Nesterov) - io_uring/uring_cmd: fix too strict requirement on ioctl (Asbjoern Sloth Toennesen) - tracing: Add recursion protection in kernel stack trace recording (Steven Rostedt) [Orabug: 38970274] {CVE-2026-23138} - ice: fix devlink reload call trace (Paul Greenwalt) [Orabug: 38931107] {CVE-2026-23104} - btrfs: do not strictly require dirty metadata threshold for metadata writepages (Qu Wenruo) [Orabug: 38970327] {CVE-2026-23157} - rxrpc: Fix recvmsg() unconditional requeue (David Howells) - dm-verity: disable recursive forward error correction (Mikulas Patocka) [Orabug: 38887636] {CVE-2025-71161} - drm/xe/sync: Cleanup partially initialized sync on parse failure (Shuicheng Lin) [Orabug: 39343830] {CVE-2026-43395} - xfs: fix integer overflow in bmap intent sort comparator (Long Li) - crypto: atmel-sha204a - Fix OOM ->tfm_count leak (Thorsten Blum) - cifs: open files should not hold ref on superblock (Shyam Prasad N) - drm/bridge: ti-sn65dsi83: halve horizontal syncs for dual LVDS output (Luca Ceresoli) - ksmbd: Don't log keys in SMB3 signing and encryption key generation (Thorsten Blum) - KVM: x86: Introduce KVM_X86_QUIRK_VMCS12_ALLOW_FREEZE_IN_SMM (Jim Mattson) - KVM: nVMX: Add consistency checks for CR0.WP and CR4.CET (Chao Gao) - fgraph: Fix thresh_return clear per-task notrace (Shengming Hu) - iomap: reject delalloc mappings during writeback (Darrick J. Wong) - sched_ext: Fix starvation of scx_enable() under fair-class saturation (Tejun Heo) [Orabug: 39343824] {CVE-2026-43392} - sched_ext: Disable preemption between scx_claim_exit() and kicking helper work (Tejun Heo) [Orabug: 39386852] {CVE-2026-43482} - nsfs: tighten permission checks for ns iteration ioctls (Christian Brauner) [Orabug: 39343840] {CVE-2026-43403} - mm/kfence: fix KASAN hardware tag faults during late enablement (Alexander Potapenko) - mm/page_alloc: forward the gfp flags from alloc_contig_range() to post_alloc_hook() (David Hildenbrand) - mm/page_alloc: sort out the alloc_contig_range() gfp flags mess (David Hildenbrand) - mm/page_alloc: move set_page_refcounted() to callers of post_alloc_hook() (Matthew Wilcox) - mmc: dw_mmc-rockchip: Fix runtime PM support for internal phase support (Shawn Lin) - mmc: dw_mmc-rockchip: Add memory clock auto-gating support (Shawn Lin) - mmc: dw_mmc-rockchip: use modern PM macros (Jisheng Zhang) - KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated (Sean Christopherson) [Orabug: 39386854] {CVE-2026-43483} - KVM: SVM: Add a helper to look up the max physical ID for AVIC (Naveen N Rao) - KVM: SVM: Limit AVIC physical max index based on configured max_vcpu_ids (Naveen N Rao) - usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling (Jiasheng Jiang) - usb: gadget: f_ncm: Fix net_device lifecycle with device_move (Kuen-Han Tsai) - cleanup: Provide retain_and_null_ptr() (Thomas Gleixner) - can: gs_usb: gs_can_open(): always configure bitrates before starting device (Marc Kleine-Budde) - xfs: Fix error pointer dereference (Ethan Tidmore) - net/sched: act_gate: snapshot parameters with RCU on replace (Paul Moses) [Orabug: 39103117] {CVE-2026-23245} - selftests: mptcp: join: check RM_ADDR not sent over same subflow (Matthieu Baerts) - selftests: mptcp: add a check for 'add_addr_accepted' (Gang Yan) - drm/amd/display: Use GFP_ATOMIC in dc_create_stream_for_sink (Natalie Vock) - mptcp: pm: avoid sending RM_ADDR over same subflow (Matthieu Baerts) - mptcp: pm: in-kernel: always mark signal+subflow endp as used (Matthieu Baerts) [Orabug: 39130868] {CVE-2026-23321} - perf/x86/intel/uncore: Add per-scheduler IMC CAS count events (Zide Chen) - perf/x86/intel/uncore: Support more units on Granite Rapids (Kan Liang) - wifi: libertas: fix use-after-free in lbs_free_adapter() (Daniel Hodges) [Orabug: 39130708] {CVE-2026-23281} - platform/x86: hp-bioscfg: Support allocations of larger data (Mario Limonciello) - x86/sev: Allow IBPB-on-Entry feature for SNP guests (Kim Phillips) - net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (Andrew Lunn) [Orabug: 39131008] {CVE-2026-23368} - gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (Ankit Garg) [Orabug: 39131072] {CVE-2026-23386} - spi: cadence-quadspi: Implement refcount to handle unbind during busy (Khairul Anuar Romli) - ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths (Fedor Pchelkin) - smb: client: Compare MACs in constant time (Eric Biggers) - ksmbd: Compare MACs in constant time (Eric Biggers) - net/tcp-md5: Fix MAC comparison to be constant-time (Eric Biggers) [Orabug: 39343805] {CVE-2026-43383} - drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (John Ripple) - i3c: mipi-i3c-hci: Add missing TID field to no-op command descriptor (Adrian Hunter) - i3c: mipi-i3c-hci: Restart DMA ring correctly after dequeue abort (Adrian Hunter) - i3c: mipi-i3c-hci: Use ETIMEDOUT instead of ETIME for timeout errors (Adrian Hunter) - iio: proximity: hx9023s: Protect against division by zero in set_samp_freq (Yasin Lee) - iio: imu: inv_icm42600: fix odr switch when turning buffer off (Jean-Baptiste Maneyrol) - iio: imu: inv_icm42600: fix odr switch to the same value (Jean-Baptiste Maneyrol) - iio: gyro: mpu3050-i2c: fix pm_runtime error handling (Antoniu Miclaus) - iio: gyro: mpu3050-core: fix pm_runtime error handling (Antoniu Miclaus) [Orabug: 39343731] {CVE-2026-43357} - iio: buffer: Fix wait_queue not being removed (Nuno Sa) - iio: chemical: bme680: Fix measurement wait duration calculation (Chris Spencer) - iio: potentiometer: mcp4131: fix double application of wiper shift (Lukas Schmid) - iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (Antoniu Miclaus) - iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (Antoniu Miclaus) - iio: frequency: adf4377: Fix duplicated soft reset mask (Seungju Cheon) - iio: dac: ds4424: reject -128 RAW value (Oleksij Rempel) - btrfs: abort transaction on failure to update root in the received subvol ioctl (Filipe Manana) - btrfs: fix transaction abort on set received ioctl due to item overflow (Filipe Manana) [Orabug: 39343736] {CVE-2026-43359} - btrfs: fix transaction abort on file creation due to name hash collision (Filipe Manana) [Orabug: 39343740] {CVE-2026-43360} - smb: client: fix iface port assignment in parse_server_interfaces (Henrique Carvalho) - smb: client: fix in-place encryption corruption in SMB2_write() (Bharath Sm) [Orabug: 39343749] {CVE-2026-43362} - smb: client: fix atomic open with O_DIRECT & O_SYNC (Paulo Alcantara) - lib/bootconfig: check bounds before writing in __xbc_open_brace() (Josh Law) - lib/bootconfig: fix snprintf truncation check in xbc_node_compose_key_after() (Josh Law) - x86/apic: Disable x2apic on resume if the kernel expects so (Shashank Balaji) [Orabug: 39343755] {CVE-2026-43363} - lib/bootconfig: fix off-by-one in xbc_verify_tree() unclosed brace error (Josh Law) - s390/dasd: Copy detected format information to secondary device (Stefan Haberland) - s390/dasd: Move quiesce state with pprc swap (Stefan Haberland) - xfs: ensure dquot item is deleted from AIL only after log shutdown (Long Li) - xfs: fix undersized l_iclog_roundoff values (Darrick J. Wong) [Orabug: 39343760] {CVE-2026-43365} - xfs: fix returned valued from xfs_defer_can_append (Carlos Maiolino) - cifs: make default value of retrans as zero (Shyam Prasad N) - tracing: Fix trace_buf_size= cmdline parameter with sizes >= 2G (Calvin Owens) - tracing: Fix enabling multiple events on the kernel command line and bootconfig (Andrei-Alexandru Tachici) - drm/msm: Fix dma_free_attrs() buffer size (Thomas Fourier) - drm/i915: Fix potential overflow of shmem scatterlist length (Janusz Krzysztofik) [Orabug: 39343766] {CVE-2026-43368} - drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (Luca Ceresoli) - drm/amd: Set num IP blocks to 0 if discovery fails (Mario Limonciello) - drm/amdgpu: Fix use-after-free race in VM acquire (Alysa Liu) [Orabug: 39343769] {CVE-2026-43370} - drm/amd/pm: remove invalid gpu_metrics.energy_accumulator on smu v13.0.x (Yang Wang) - net: dsa: microchip: Fix error path in PTP IRQ setup (Bastien Curutchet) - net: ethernet: arc: emac: quiesce interrupts before requesting IRQ (Fan Wu) - net: ncsi: fix skb leak in error paths (Jian Zhang) - net: nexthop: fix percpu use-after-free in remove_nh_grp_entry (Mehul Rao) [Orabug: 39343780] {CVE-2026-43374} - ksmbd: fix use-after-free by using call_rcu() for oplock_info (Namjae Jeon) - smb: server: fix use-after-free in smb2_open() (Marios Makassikis) - ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() (Namjae Jeon) - drm/amd/display: Fallback to boot snapshot for dispclk (Dillon Varone) - ata: libata-core: Disable LPM on ST1000DM010-2EP102 (Maximilian Pezzullo) [Orabug: 39386866] {CVE-2026-43487} - pmdomain: bcm: bcm2835-power: Fix broken reset status read (Maíra Canal) - parisc: Check kernel mapping earlier at bootup (Helge Deller) - parisc: Fix initial page table creation for boot (Helge Deller) - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (Sanman Pradhan) - arm64: mm: Add PTE_DIRTY back to PAGE_KERNEL* to fix kexec/hibernation (Catalin Marinas) - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (Dave Airlie) [Orabug: 39343796] {CVE-2026-43381} - parisc: Increase initial mapping to 64 MB with KALLSYMS (Helge Deller) - batman-adv: Avoid double-rtnl_lock ELP metric worker (Sven Eckelmann) [Orabug: 39343801] {CVE-2026-43382} - net/tcp-ao: Fix MAC comparison to be constant-time (Eric Biggers) - tracing: Fix syscall events activation by ensuring refcount hits zero (Huiwen He) - ice: fix retry for AQ command 0x06EE (Jakub Staniszewski) - net: mana: Ring doorbell at 4 CQ wraparounds (Long Li) - media: dvb-net: fix OOB access in ULE extension header tables (Ariel Silver) [Orabug: 39171441] {CVE-2026-31405} - staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie (Luka Gejak) - staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (Greg Kroah-Hartman) - ixgbevf: fix link setup issue (Jedrzej Jagielski) - ice: reintroduce retry mechanism for indirect AQ (Jakub Staniszewski) - btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies() (Mark Harmstone) [Orabug: 39343826] {CVE-2026-43393} - irqchip/gic-v3-its: Limit number of per-device MSIs to the range the ITS supports (Marc Zyngier) - device property: Allow secondary lookup in fwnode_get_next_child_node() (Andy Shevchenko) - nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit(). (Kuniyuki Iwashima) [Orabug: 39343828] {CVE-2026-43394} - s390/pfault: Fix virtual vs physical address confusion (Alexander Gordeev) - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (Franz Schnyder) - drm/bridge: samsung-dsim: Fix memory leak in error path (Osama Abdelkader) [Orabug: 39343833] {CVE-2026-43397} - drm/amd: Disable MES LR compute W/A (Mario Limonciello) - Revert "tcpm: allow looking for role_sw device in the main node" (Xu Yang) - Fix CC_HAS_ASM_GOTO_OUTPUT on non-x86 architectures (Linus Torvalds) - kbuild: Disable CC_HAS_ASM_GOTO_OUTPUT on clang < 17 (Thomas Gleixner) - scsi: hisi_sas: Fix NULL pointer exception during user_scan() (Xingui Yang) [Orabug: 39343866] {CVE-2026-43413} - scsi: hisi_sas: Use macro instead of magic number (Yihang Li) - scsi: hisi_sas: Add time interval between two H2D FIS following soft reset spec (Xingui Yang) - scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend (Wangshuaiwei) [Orabug: 39343873] {CVE-2026-43415} - i3c: dw-i3c-master: Set SIR_REJECT in DAT on device attach and reattach (Adrian Ng Ho Yin) - time/jiffies: Mark jiffies_64_to_clock_t() notrace (Steven Rostedt) - ceph: fix memory leaks in ceph_mdsc_build_path() (Max Kellermann) [Orabug: 39343881] {CVE-2026-43419} - ceph: fix i_nlink underrun during async unlink (Max Kellermann) [Orabug: 39343883] {CVE-2026-43420} - libceph: admit message frames only in CEPH_CON_S_OPEN state (Ilya Dryomov) - libceph: Use u32 for non-negative values in ceph_monmap_decode() (Raphael Zimmer) [Orabug: 39343843] {CVE-2026-43405} - libceph: prevent potential out-of-bounds reads in process_message_header() (Ilya Dryomov) [Orabug: 39343846] {CVE-2026-43406} - libceph: reject preamble if control segment is empty (Ilya Dryomov) - libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() (Raphael Zimmer) [Orabug: 39343849] {CVE-2026-43407} - ceph: add a bunch of missing ceph_path_info initializers (Max Kellermann) [Orabug: 39343853] {CVE-2026-43408} - kprobes: avoid crash when rmmod/insmod after ftrace killed (Masami Hiramatsu) [Orabug: 39343855] {CVE-2026-43409} - tipc: fix divide-by-zero in tipc_sk_filter_connect() (Mehul Rao) [Orabug: 39343860] {CVE-2026-43411} - ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (Ravi Hothi) - mmc: core: Avoid bitfield RMW for claim/retune flags (Penghe Geng) [Orabug: 39386858] {CVE-2026-43484} - mm/kfence: disable KFENCE upon KASAN HW tags enablement (Alexander Potapenko) - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (Felix Gu) - mm/tracing: rss_stat: ensure curr is false from kthread context (Kalesh Singh) - rust: kbuild: allow unused_features (Miguel Ojeda) - usb: image: mdc800: kill download URB on timeout (Ziyi Guo) [Orabug: 39343896] {CVE-2026-43425} - usb: mdc800: handle signal and read racing (Oliver Neukum) - usb: renesas_usbhs: fix use-after-free in ISR during device removal (Fan Wu) - usb: class: cdc-wdm: fix reordering issue in read code path (Oliver Neukum) [Orabug: 39343905] {CVE-2026-43427} - USB: core: Limit the length of unkillable synchronous timeouts (Alan Stern) [Orabug: 39343910] {CVE-2026-43428} - USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (Alan Stern) [Orabug: 39343916] {CVE-2026-43429} - USB: usbcore: Introduce usb_bulk_msg_killable() (Alan Stern) - usb: typec: altmode/displayport: set displayport signaling rate in configure message (Rd Babiera) - usb: roles: get usb role switch from parent only for usb-b-connector (Xu Yang) - usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (Marc Zyngier) - usb: core: don't power off roothub PHYs if phy_set_mode() fails (Gabor Juhos) - usb: misc: uss720: properly clean up reference in uss720_probe() (Greg Kroah-Hartman) - usb: dwc3: pci: add support for the Intel Nova Lake -H (Krogerus Heikki) - usb: yurex: fix race in probe (Oliver Neukum) [Orabug: 39343920] {CVE-2026-43430} - usb: xhci: Prevent interrupt storm on host controller error (HCE) (Dayu Jiang) [Orabug: 39386868] {CVE-2026-43488} - usb: xhci: Fix memory leak in xhci_disable_slot() (Zilin Guan) [Orabug: 39343929] {CVE-2026-43432} - USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (Vyacheslav Vahnenko) - usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (Christoffer Sandberg) - USB: add QUIRK_NO_BOS for video capture several devices (A1Rm4X) - KVM: SVM: Initialize AVIC VMCB fields if AVIC is enabled with in-kernel APIC (Sean Christopherson) - ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (Zhang Heng) - ata: libata-core: Add BRIDGE_OK quirk for QEMU drives (Pedro Falcato) - net: usb: lan78xx: skip LTM configuration for LAN7850 (Oleksij Rempel) - net: usb: lan78xx: fix TX byte statistics for small packets (Oleksij Rempel) - net: usb: lan78xx: fix silent drop of packets with checksum errors (Oleksij Rempel) - ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (Takashi Iwai) [Orabug: 39343938] {CVE-2026-43436} - ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (Mehul Rao) [Orabug: 39343941] {CVE-2026-43437} - cgroup: fix race between task migration and iteration (Qingye Zhao) [Orabug: 39343947] {CVE-2026-43439} - usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (Seungjin Bae) - iio: imu: inv-mpu9150: fix irq ack preventing irq storms (Andreas Kemnade) - net: prevent NULL deref in ip[6]tunnel_xmit() (Eric Dumazet) - octeontx2-af: devlink: fix NIX RAS reporter to use RAS interrupt status (Alok Tiwari) - octeontx2-af: devlink: fix NIX RAS reporter recovery condition (Alok Tiwari) - net: dsa: realtek: Fix LED group port bit for non-zero LED group (Marek Behún) - net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled (Ricardo B. Marlière) [Orabug: 39343952] {CVE-2026-43441} - drm/amdkfd: Unreserve bo if queue update failed (Philip Yang) [Orabug: 39343958] {CVE-2026-43444} - ASoC: detect empty DMI strings (Casey Connolly) - ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (Chen Ni) - ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (Ben Dooks) - net: bcmgenet: fix broken EEE by converting to phylib-managed state (Nicolai Buchwitz) - e1000/e1000e: Fix leak in DMA error cleanup (Matt Vollrath) [Orabug: 39343960] {CVE-2026-43445} - i40e: fix src IP mask checks and memcpy argument names in cloud filter (Alok Tiwari) - nvme-pci: Fix race bug in nvme_poll_irqdisable() (Sungwoo Kim) [Orabug: 39343966] {CVE-2026-43448} - nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set (Sungwoo Kim) [Orabug: 39343971] {CVE-2026-43449} - perf ftrace: Fix hashmap__new() error checking (Chen Ni) - regulator: pca9450: Correct interrupt type (Peng Fan) - perf annotate: Fix hashmap__new() error checking (Chen Ni) - netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (Yuan Tan) [Orabug: 39110655] {CVE-2026-23274} - netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() (Hyunwoo Kim) [Orabug: 39343975] {CVE-2026-43450} - netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path (Hyunwoo Kim) [Orabug: 39343979] {CVE-2026-43451} - netfilter: x_tables: guard option walkers against 1-byte tail reads (David Dull) [Orabug: 39343983] {CVE-2026-43452} - netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() (Jenny Guanni Qu) [Orabug: 39343987] {CVE-2026-43453} - net: add xmit recursion limit to tunnel xmit functions (Weiming Shi) [Orabug: 39110659] {CVE-2026-23276} - xdp: register system page pool as an XDP memory model (Toke Høiland-Jørgensen) - xdp: allow attaching already registered memory model to xdp_rxq_info (Alexander Lobakin) - amd-xgbe: prevent CRC errors during RX adaptation with AN disabled (Raju Rangoju) - amd-xgbe: fix link status handling in xgbe_rx_adaptation (Raju Rangoju) - mctp: route: hold key->lock in mctp_flow_prepare_output() (Chengfeng Ye) - bonding: fix type confusion in bond_setup_by_slave() (Jiayuan Chen) [Orabug: 39343993] {CVE-2026-43456} - bonding: use common function to compute the features (Hangbin Liu) - net: add a common function to compute features for upper devices (Hangbin Liu) - bonding: Correctly support GSO ESP offload (Cosmin Ratiu) - bonding: add ESP offload features when slaves support (Jianbo Liu) - can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (Wenyuan Li) - mctp: i2c: fix skb memory leak in receive path (Haiyue Wang) - bnxt_en: Fix RSS table size check when changing ethtool channels (Pavan Chebbi) - serial: caif: hold tty->link reference in ldisc_open and ser_release (Shuangpeng Bai) - net: sfp: improve Huawei MA5671a fixup (Álvaro Fernández Rojas) - ASoC: simple-card-utils: fix graph_util_is_ports0() for DT overlays (Sen Wang) - ASoC: simple-card-utils: use __free(device_node) for device node (Kuninori Morimoto) - ASoC: soc-core: flush delayed work before removing DAIs and widgets (Matteo Cotifava) [Orabug: 39344003] {CVE-2026-43459} - ASoC: soc-core: drop delayed_work_pending() check before flush (Matteo Cotifava) - drm/sitronix/st7586: fix bad pixel data due to byte swap (David Lechner) - net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (Weiming Shi) [Orabug: 39110665] {CVE-2026-23277} - net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery (Gal Pressman) [Orabug: 39344016] {CVE-2026-43466} - net/mlx5: Fix deadlock between devlink lock and esw->wq (Cosmin Ratiu) [Orabug: 39344022] {CVE-2026-43468} - net/mlx5: Query to see if host PF is disabled (Daniel Jurgens) - net/mlx5: IFC updates for disabled host PF (Daniel Jurgens) - bonding: handle BOND_LINK_FAIL, BOND_LINK_BACK as valid link states (Hangbin Liu) - drm/amd/pm: add missing od setting PP_OD_FEATURE_ZERO_FAN_BIT for smu v14 (Yang Wang) - drm/msm/dsi: fix pclk rate calculation for bonded dsi (Pengyu Luo) - net: dsa: realtek: rtl8365mb: remove ifOutDiscards from rx_packets (Mieczyslaw Nalewaj) - perf disasm: Fix off-by-one bug in outside check (Peter Collingbourne) - workqueue: Use POOL_BH instead of WQ_BH when checking pool flags (Breno Leitao) - btrfs: hold space_info->lock when clearing periodic reclaim ready (Sun Yangkai) - xprtrdma: Decrement re_receiving on the early exit paths (Eric Badger) [Orabug: 39344025] {CVE-2026-43469} - drm/msm/dsi: fix hdisplay calculation when programming dsi registers (Pengyu Luo) - nfs: return EISDIR on nfs3_proc_create if d_alias is a dir (Roberto Bergantinos Corpas) [Orabug: 39344029] {CVE-2026-43470} - smb/server: Fix another refcount leak in smb2_open() (Guenter Roeck) - powerpc: 83xx: km83xx: Fix keymile vendor prefix (Jonathan Neuschäfer) - remoteproc: sysmon: Correct subsys_name_len type in QMI request (Bjorn Andersson) - powerpc/crash: adjust the elfcorehdr size (Sourabh Jain) - powerpc/kexec/core: use big-endian types for crash variables (Sourabh Jain) - kexec: Include kernel-end even without crashkernel (Ben Collins) - kexec: Consolidate machine_kexec_mask_interrupts() implementation (Eliav Farber) - powerpc/uaccess: Fix inline assembly for clang build on PPC32 (Christophe Leroy) - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (Takashi Iwai) - drm/amdgpu/vcn5: Add SMU dpm interface type (Sguttula) - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (Takashi Iwai) - scsi: ufs: core: Fix shift out of bounds when MAXQ=32 (Wangshuaiwei) - scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace() (Peter Wang) [Orabug: 39344031] {CVE-2026-43471} - ASoC: cs42l43: Report insert for exotic peripherals (Charles Keepax) - ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (Azamat Almazbek Uulu) - scsi: ses: Fix devices attaching to different hosts (Tomas Henzl) - ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (Sofia Schneider) - wifi: mac80211: set default WMM parameters on all links (Ramanathan Choodamani) - unshare: fix unshare_fs() handling (Al Viro) [Orabug: 39344033] {CVE-2026-43472} - ALSA: hda/realtek: Fix speaker pop on Star Labs StarFighter (Sean Rhodes) - scsi: mpi3mr: Add NULL checks when resetting request and reply queues (Ranjan Kumar) [Orabug: 39344037] {CVE-2026-43473} - ACPI: PM: Save NVS memory on Lenovo G70-35 (Piotr Mazek) - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (Jan Kiszka) [Orabug: 39344042] {CVE-2026-43475} - LTS version: v6.12.77 (Sherry Yang) - ata: libata-eh: Fix detection of deferred qc timeouts (Guenter Roeck) - ata: libata: cancel pending work after clearing deferred_qc (Niklas Cassel) - ata: libata-eh: correctly handle deferred qc timeouts (Damien Le Moal) - ata: libata-core: fix cancellation of a port deferred qc work (Damien Le Moal) - ext4: fix potential null deref in ext4_mb_init() (Baokun Li) - apparmor: fix race between freeing data and fs accessing it (John Johansen) - apparmor: fix race on rawdata dereference (John Johansen) - apparmor: fix differential encoding verification (John Johansen) - apparmor: fix unprivileged local user can do privileged policy management (John Johansen) - apparmor: Fix double free of ns_name in aa_replace_profiles() (John Johansen) - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (Massimiliano Pellizzer) - apparmor: fix side-effect bug in match_char() macro usage (Massimiliano Pellizzer) - apparmor: fix: limit the number of levels of policy namespaces (John Johansen) - apparmor: replace recursive profile removal with iterative approach (Massimiliano Pellizzer) - apparmor: fix memory leak in verify_header (Massimiliano Pellizzer) - apparmor: validate DFA start states are in bounds in unpack_pdb (Massimiliano Pellizzer) - selftest/arm64: Fix sve2p1_sigill() to hwcap test (Yifan Wu) - xdp: produce a warning when calculated tailroom is negative (Larysa Zaremba) [Orabug: 39130928] {CVE-2026-23343} - i40e: use xdp.frame_sz as XDP RxQ info frag_size (Larysa Zaremba) - i40e: fix registering XDP RxQ info (Larysa Zaremba) - xsk: introduce helper to determine rxq->frag_size (Larysa Zaremba) - xdp: use modulo operation to calculate XDP frag tailroom (Larysa Zaremba) - net/sched: act_ife: Fix metalist update behavior (Jamal Hadi Salim) - net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (Jiayuan Chen) [Orabug: 39130788] {CVE-2026-23300} - net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (Fernando Fernandez Mancera) [Orabug: 39130766] {CVE-2026-23293} - selftests/harness: order TEST_F and XFAIL_ADD constructors (Sun Jian) - kselftest/harness: Use helper to avoid zero-size memset warning (Wake Liu) - net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup() (Lorenzo Bianconi) - netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (Florian Westphal) [Orabug: 39130948] {CVE-2026-23351} - net: stmmac: Fix error handling in VLAN add and delete paths (Ovidiu Panait) - nfc: rawsock: cancel tx_work before socket teardown (Jakub Kicinski) - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (Jakub Kicinski) - nfc: nci: free skb on nci_transceive early error paths (Jakub Kicinski) - net_sched: sch_fq: clear q->band_pkt_count[] in fq_reset() (Eric Dumazet) - net: nfc: nci: Fix zero-length proprietary notifications (Ian Ray) - net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (Koichiro Den) [Orabug: 39130922] {CVE-2026-23340} - hwmon: (max6639) fix inverted polarity (Olivier Sobrie) - hwmon: (max6639) : Configure based on DT property (Naresh Solanki) - nvme: fix memory allocation in nvme_pr_read_keys() (Sungwoo Kim) [Orabug: 39103115] {CVE-2026-23244} - nvme: reject invalid pr_read_keys() num_keys values (Stefan Hajnoczi) - drm/xe/reg_sr: Fix leak on xa_store failure (Shuicheng Lin) - i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" (Charles Haithcock) [Orabug: 39131012] {CVE-2026-23369} - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (Kernel Test Robot) - amd-xgbe: fix sleep while atomic on suspend/resume (Raju Rangoju) - net: ipv4: fix ARM64 alignment fault in multipath hash seed (Yung Chih Su) [Orabug: 39130846] {CVE-2026-23316} - ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (Jakub Kicinski) [Orabug: 39130806] {CVE-2026-23304} - smb/client: fix buffer size for smb311_posix_qinfo in SMB311_posix_query_info() (Zhangguodong) - smb/client: fix buffer size for smb311_posix_qinfo in smb2_compound_op() (Zhangguodong) - bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (Lang Xu) [Orabug: 39130859] {CVE-2026-23319} - iavf: fix netdev->max_mtu to respect actual hardware limit (Kohei Enju) - xen/acpi-processor: fix _CST detection using undersized evaluation buffer (David Thomson) - indirect_call_wrapper: do not reevaluate function pointer (Eric Dumazet) - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (Lorenzo Bianconi) [Orabug: 39130843] {CVE-2026-23315} - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (Lorenzo Bianconi) - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (Lorenzo Bianconi) - wifi: wlcore: Fix a locking bug (Bart Van Assche) [Orabug: 39167424] {CVE-2026-23420} - wifi: cw1200: Fix locking in error paths (Bart Van Assche) - octeon_ep_vf: avoid compiler and IQ/OQ reordering (Vimlesh Kumar) - octeon_ep_vf: Relocate counter updates before NAPI (Vimlesh Kumar) - octeon_ep: avoid compiler and IQ/OQ reordering (Vimlesh Kumar) - octeon_ep: Relocate counter updates before NAPI (Vimlesh Kumar) - bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded (Jiayuan Chen) [Orabug: 39130827] {CVE-2026-23310} - net: dsa: realtek: rtl8365mb: fix rtl8365mb_phy_ocp_write return value (Mieczyslaw Nalewaj) - kunit: tool: copy caller args in run_kernel to prevent mutation (Shuvam Pandey) - rust: kunit: fix warning when !CONFIG_PRINTK (Alexandre Courbot) - drm/xe: Do not preempt fence signaling CS instructions (Matthew Brost) - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (Sebastian Krzyszkowiak) {CVE-2026-23373} - can: mcp251x: fix deadlock in error path of mcp251x_open (Alban Bedel) [Orabug: 39130970] {CVE-2026-23357} - can: bcm: fix locking for bcm_op runtime updates (Oliver Hartkopp) [Orabug: 39131186] {CVE-2026-23362} - amd-xgbe: fix MAC_TCR_SS register width for 2.5G and 10M speeds (Raju Rangoju) - net: ti: icssg-prueth: Fix ping failure after offload mode setup when link speed is not 1G (Md Danish Anwar) - atm: lec: fix null-ptr-deref in lec_arp_clear_vccs (Jiayuan Chen) [Orabug: 39130725] {CVE-2026-23286} - xsk: Fix zero-copy AF_XDP fragment drop (Nikhil P. Rao) - xsk: Fix fragment node deletion to prevent buffer leak (Nikhil P. Rao) - xsk: s/free_list_node/list_node/ (Maciej Fijalkowski) - xsk: Get rid of xdp_buff_xsk::xskb_list_node (Maciej Fijalkowski) - net: ethernet: ti: am65-cpsw-nuss/cpsw-ale: Fix multicast entry handling in ALE table (Chintan Vankar) - drm/solomon: Fix page start when updating rectangle in page addressing mode (Francesco Lavra) - e1000e: clear DPG_EN after reset to avoid autonomous power-gating (Vitaly Lifshits) - i40e: Fix preempt count leak in napi poll tracepoint (Thomas Gleixner) [Orabug: 39130838] {CVE-2026-23313} - idpf: change IRQ naming to match netdev and ethtool queue numbering (Brian Vazquez) - hwmon: (it87) Check the it87_lock() return value (Bart Van Assche) - pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() (Felix Gu) - HID: multitouch: new class MT_CLS_EGALAX_P80H84 (Ian Ray) - HID: multitouch: add quirks for Lenovo Yoga Book 9i (Brian Howard) - platform/x86: thinkpad_acpi: Fix errors reading battery thresholds (Jonathan Teh) - pinctrl: equilibrium: fix warning trace on load (Florian Eckert) - pinctrl: equilibrium: rename irq_chip function callbacks (Florian Eckert) - hwmon: (aht10) Fix initialization commands for AHT20 (Hao Yu) - hwmon: (aht10) Add support for dht20 (Akhilesh Patil) - nvme: fix admin queue leak on controller reset (Ming Lei) [Orabug: 39131191] {CVE-2026-23360} - ACPI: APEI: GHES: Disable KASAN instrumentation when compile testing with clang < 18 (Nathan Chancellor) - btrfs: always fallback to buffered write if the inode requires checksum (Qu Wenruo) - net: stmmac: dwmac-loongson: Set clk_csr_i to 100-150MHz (Huacai Chen) - ARM: clean up the memset64() C wrapper (Thomas Weißschuh) - xattr: switch to CLASS(fd) (Al Viro) [Orabug: 39073878] {CVE-2024-14027} - selftests: mptcp: join: check removing signal+subflow endp (Matthieu Baerts) - selftests: mptcp: more stable simult_flows tests (Paolo Abeni) - smb: client: Don't log plaintext credentials in cifs_set_cifscreds (Thorsten Blum) {CVE-2026-23303} - smb: client: fix broken multichannel with krb5+signing (Paulo Alcantara) - smb: client: fix cifs_pick_channel when channels are equally loaded (Henrique Carvalho) - drbd: fix null-pointer dereference on local read error (Christoph Böhmwalder) [Orabug: 39130720] {CVE-2026-23285} - drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock() (Lars Ellenberg) [Orabug: 39130964] {CVE-2026-23356} - Squashfs: check metadata block offset is within range (Phillip Lougher) [Orabug: 39131078] {CVE-2026-23388} - scsi: target: Fix recursive locking in __configfs_open_file() (Prithvi Tambewagh) [Orabug: 39130762] {CVE-2026-23292} - tracing: Fix WARN_ON in tracing_buffers_mmap_close (Qing Wang) [Orabug: 39131052] {CVE-2026-23380} - nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit(). (Kuniyuki Iwashima) [Orabug: 39130777] {CVE-2026-23297} - net/sched: ets: fix divide by zero in the offload path (Davide Caratti) [Orabug: 39131048] {CVE-2026-23379} - RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (Jason Gunthorpe) [Orabug: 39130901] {CVE-2026-23335} - IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq() (Jason Gunthorpe) [Orabug: 39130741] {CVE-2026-23289} - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (Vahagn Vardanian) [Orabug: 39130699] {CVE-2026-23279} - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (Ariel Silver) [Orabug: 39103120] {CVE-2026-23246} - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (Daniil Dulov) [Orabug: 39130904] {CVE-2026-23336} - wifi: radiotap: reject radiotap with unknown bits (Johannes Berg) [Orabug: 39131004] {CVE-2026-23367} - ALSA: usb-audio: Use correct version for UAC3 header validation (Jun Seo) [Orabug: 39130853] {CVE-2026-23318} - platform/x86: dell-wmi: Add audio/mic mute key codes (Kurt Borja) - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (Thorsten Blum) {CVE-2026-23370} - x86/efi: defer freeing of boot services memory (Mike Rapoport) [Orabug: 39130952] {CVE-2026-23352} - HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (Greg Kroah-Hartman) [Orabug: 39131060] {CVE-2026-23382} - can: usb: f81604: handle bulk write errors properly (Greg Kroah-Hartman) - can: usb: f81604: handle short interrupt urb messages properly (Greg Kroah-Hartman) - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (Greg Kroah-Hartman) - can: ucan: Fix infinite loop from zero-length messages (Greg Kroah-Hartman) - can: usb: f81604: correctly anchor the urb in the read bulk callback (Greg Kroah-Hartman) - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (Greg Kroah-Hartman) [Orabug: 39130814] {CVE-2026-23307} - net: usb: pegasus: validate USB endpoints (Greg Kroah-Hartman) [Orabug: 39130748] {CVE-2026-23290} - net: usb: kalmia: validate USB endpoints (Greg Kroah-Hartman) [Orabug: 39130996] {CVE-2026-23365} - net: usb: kaweth: validate USB endpoints (Greg Kroah-Hartman) [Orabug: 39130831] {CVE-2026-23312} - nfc: pn533: properly drop the usb interface reference on disconnect (Greg Kroah-Hartman) - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (Jens Axboe) [Orabug: 39103137] {CVE-2026-23253} - namespace: fix proc mount iteration (Christian Brauner) - eventpoll: Fix integer overflow in ep_loop_check_proc() (Jann Horn) - net: arcnet: com20020-pci: fix support for 2.5Mbit cards (Ethan Nelson-Moore) - ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (Takashi Iwai) - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book3 Pro 360 (NP965QFG) (Lewis Mason) - ALSA: hda/realtek: Add quirk for Gigabyte G5 KF5 (2023) (Eric Naim) - LoongArch: Remove some extern variables in source files (Tiezhu Yang) - LoongArch: Handle percpu handler address for ORC unwinder (Tiezhu Yang) - LoongArch: Remove unnecessary checks for ORC unwinder (Tiezhu Yang) - LoongArch/orc: Use RCU in all users of __module_address(). (Sebastian Andrzej Siewior) - ksmbd: add chann_lock to protect ksmbd_chann_list xarray (Namjae Jeon) - ksmbd: check return value of xa_store() in krb5_authenticate (Namjae Jeon) - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (Gui-Dong Han) - ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (Takashi Iwai) - drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (Mario Limonciello) - usb: cdns3: fix role switching during resume (Thomas Richard) - usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (Théo Lebrun) - usb: cdns3: remove redundant if branch (Hongyu Xie) - btrfs: zoned: fixup last alloc pointer after extent removal for RAID0/10 (Naohiro Aota) - btrfs: define the AUTO_KFREE/AUTO_KVFREE helper macros (Miquel Sabaté Solà) - btrfs: zoned: fix stripe width calculation (Naohiro Aota) - btrfs: zoned: fixup last alloc pointer after extent removal for DUP (Naohiro Aota) - btrfs: zoned: fixup last alloc pointer after extent removal for RAID1 (Naohiro Aota) - btrfs: zoned: fix alloc_offset calculation for partly conventional block groups (Johannes Thumshirn) - btrfs: fix periodic reclaim condition (Sun Yangkai) - btrfs: fix reclaimed bytes accounting after automatic block group reclaim (Filipe Manana) - btrfs: get used bytes while holding lock at btrfs_reclaim_bgs_work() (Filipe Manana) - btrfs: drop unused parameter fs_info from do_reclaim_sweep() (David Sterba) - uprobes: Fix incorrect lockdep condition in filter_chain() (Breno Leitao) - uprobes: switch to RCU Tasks Trace flavor for better performance (Andrii Nakryiko) - drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free (Jeongjun Park) - drm/exynos/vidi: Remove redundant error handling in vidi_get_modes() (Xu Wang) - drm/exynos: vidi: fix to avoid directly dereferencing user pointer (Jeongjun Park) - ima: kexec: define functions to copy IMA log at soft boot (Steven Chen) - kexec: define functions to map and unmap segments (Steven Chen) - ima: define and call ima_alloc_kexec_file_buf() (Steven Chen) - ima: rename variable the seq_file "file" to "ima_kexec_file" (Steven Chen) - ima: kexec: silence RCU list traversal warning (Breno Leitao) - clk: tegra: tegra124-emc: fix device leak on set_rate() (Johan Hovold) - arm64: dts: rockchip: Fix rk3588 PCIe range mappings (Shawn Lin) - arm64: dts: rockchip: Fix rk356x PCIe range mappings (Shawn Lin) - iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode (Jinhui Guo) [Orabug: 39331474] {CVE-2026-43161} - Input: synaptics_i2c - guard polling restart in resume (Minseong Kim) - Input: synaptics_i2c - replace use of system_wq with system_dfl_wq (Marco Crivellari) - workqueue: Add system_percpu_wq and system_dfl_wq (Marco Crivellari) - ext4: always allocate blocks only from groups inode can use (Jan Kara) - ext4: implement linear-like traversal across order xarrays (Baokun Li) - ext4: refactor choose group to scan group (Baokun Li) - ext4: convert free groups order lists to xarrays (Baokun Li) - ext4: factor out ext4_mb_scan_group() (Baokun Li) - ext4: factor out ext4_mb_might_prefetch() (Baokun Li) - ext4: factor out __ext4_mb_scan_group() (Baokun Li) - ext4: add ext4_try_lock_group() to skip busy groups (Baokun Li) - mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate() (Joonwon Kang) [Orabug: 39331965] {CVE-2026-43281} - mailbox: Allow controller specific mapping using fwnode (Anup Patel) - mailbox: Use guard/scoped_guard for con_mutex (Peng Fan) - mailbox: Use dev_err when there is error (Peng Fan) - mailbox: remove unused header files (Tudor Ambarus) - mailbox: sort headers alphabetically (Tudor Ambarus) - mailbox: don't protect of_parse_phandle_with_args with con_mutex (Tudor Ambarus) - ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting I/O (Zhang Yi) [Orabug: 39452050] {CVE-2026-45985} - ext4: correct the comments place for EXT4_EXT_MAY_ZEROOUT (Yangerkun) - drm/tegra: dsi: fix device leak on probe (Johan Hovold) - ata: libata-scsi: avoid Non-NCQ command starvation (Damien Le Moal) [Orabug: 39451561] {CVE-2026-45855} - ata: libata: Introduce ata_port_eh_scheduled() (Damien Le Moal) - ata: libata: Remove ATA_DFLAG_ZAC device flag (Damien Le Moal) - ata: libata-scsi: Remove struct ata_scsi_args (Damien Le Moal) - ata: libata-scsi: Document all VPD page inquiry actors (Damien Le Moal) - ata: libata-scsi: Refactor ata_scsiop_maint_in() (Damien Le Moal) - ata: libata-scsi: Refactor ata_scsiop_read_cap() (Damien Le Moal) - ata: libata-scsi: Refactor ata_scsi_simulate() (Damien Le Moal) - KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block() (Sean Christopherson) [Orabug: 39331893] {CVE-2026-43265} - media: dw9714: Fix powerup sequence (Ricardo Ribalda) - media: dw9714: add support for powerdown pin (Matthias Fend) - media: dw9714: move power sequences to dedicated functions (Matthias Fend) - media: tegra-video: Fix memory leak in __tegra_channel_try_format() (Zilin Guan) - PCI: Use resource_set_range() that correctly sets ->end (Ilpo Järvinen) - resource: Add resource set range and size helpers (Ilpo Järvinen) - Revert "PCI: qcom: Don't wait for link if we can detect Link Up" (Niklas Cassel) - PCI: qcom: Don't wait for link if we can detect Link Up (Krishna Chaitanya Chundru) - Revert "PCI: dw-rockchip: Don't wait for link since we can detect Link Up" (Niklas Cassel) - PCI: dw-rockchip: Don't wait for link since we can detect Link Up (Niklas Cassel) - memory: mtk-smi: fix device leak on larb probe (Johan Hovold) - memory: mtk-smi: fix device leaks on common probe (Johan Hovold) - x86/acpi/boot: Correct acpi_is_processor_usable() check again (Yazen Ghannam) - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (Bjorn Helgaas) - bpf: Fix stack-out-of-bounds write in devmap (Kohei Enju) [Orabug: 39130977] {CVE-2026-23359} - bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (Fuad Tabba) [Orabug: 39131066] {CVE-2026-23383} - btrfs: fix compat mask in error messages in btrfs_check_features() (Mark Harmstone) - btrfs: print correct subvol num if active swapfile prevents deletion (Mark Harmstone) - btrfs: fix warning in scrub_verify_one_metadata() (Mark Harmstone) - btrfs: fix objectid value in error message in check_extent_data_ref() (Mark Harmstone) - btrfs: fix incorrect key offset in error message in check_dev_extent_item() (Mark Harmstone) - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (Richard Fitzgerald) - ALSA: pci: hda: use snd_kcontrol_chip() (Kuninori Morimoto) - drm/amdgpu: Fix locking bugs in error paths (Bart Van Assche) - drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (Thorsten Blum) - drm/amdgpu: Unlock a mutex before destroying it (Bart Van Assche) - PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (Niklas Cassel) - PCI: dwc: ep: Use align addr function for dw_pcie_ep_raise_{msi,msix}_irq() (Niklas Cassel) - PCI: dwc: endpoint: Implement the pci_epc_ops::align_addr() operation (Damien Le Moal) - PCI: endpoint: Introduce pci_epc_mem_map()/unmap() (Damien Le Moal) - PCI: endpoint: Introduce pci_epc_function_is_valid() (Damien Le Moal) - s390/vtime: Fix virtual timer forwarding (Heiko Carstens) - s390/idle: Fix cpu idle exit cpu time accounting (Heiko Carstens) - perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (Peter Zijlstra) [Orabug: 39110643] {CVE-2026-23271} - ALSA: usb-audio: Use inclusive terms (Takashi Iwai) - ALSA: usb-audio: Cap the packet size pre-calculations (Takashi Iwai) - scsi: ufs: core: Move link recovery for hibern8 exit failure to wl_resume (Peter Wang) - cgroup/cpuset: Fix incorrect use of cpuset_update_tasks_cpumask() in update_cpumasks_hier() (Waiman Long) - rseq: Clarify rseq registration rseq_size bound check comment (Mathieu Desnoyers) - x86/fred: Correct speculative safety in fred_extint() (Andrew Cooper) [Orabug: 39130960] {CVE-2026-23354} - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (Geoffrey D. Bennett) - ALSA: scarlett2: Fix DSP filter control array handling (Geoffrey D. Bennett) - ALSA: scarlett2: Fix redeclaration of loop variable (Geoffrey D. Bennett) - scsi: pm8001: Fix use-after-free in pm8001_queue_command() (Salomon Dushimirimana) [Orabug: 39130811] {CVE-2026-23306} - scsi: lpfc: Properly set WC for DPP mapping (Mathias Krause) - irqchip/sifive-plic: Fix frozen interrupt due to affinity setting (Nam Cao) - KVM: arm64: Hide S1POE from guests when not supported by the host (Fuad Tabba) - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (Felix Gu) - drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (Ian Forbes) [Orabug: 39130850] {CVE-2026-23317} - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (Brad Spengler) [6.12.0-204.76.1] - uek-rpm: BF3: Enable CONFIG_DMI (Jeremy Tang) [Orabug: 39360834] - kabi: update FIPS kABI files (Saeed Mirzamohammadi) [Orabug: 39334603] - KEYS: Reserve key usage values (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: keep FIPS MPI helpers private (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: keep FIPS compression helpers private (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: keep FIPS helper library symbols private (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: tcrypt - clamp num_mb to avoid divide-by-zero (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: tcrypt - stop ahash speed tests when setkey fails (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: add x86 GHASH CLMUL to FIPS module (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: add fixed-time AES to FIPS module (Saeed Mirzamohammadi) [Orabug: 39334603] - fips: add scatterwalk to FIPS module (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: avoid auto-load for arch specific impls (Saeed Mirzamohammadi) [Orabug: 39334603] - arm64/crypto: wire up FIPS aliases and helpers (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: share alg registry between FIPS and base kernel (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: keep crypto_user out of the FIPS module (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: tcrypt - skip retest in FIPS mode (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: skip redundant FIPS self-module signature check (Saeed Mirzamohammadi) [Orabug: 39334603] - scripts: fail cleanly on arm64 boot image formats (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto/hkdf: Skip tests with keys too short in FIPS mode (Saeed Mirzamohammadi) [Orabug: 39334603] - uek-rpm: build module symvers before fips140.ko (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: add crc64_rocksoft_generic to the FIPS module (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: add keywrap to the FIPS module (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: add cts to the FIPS module (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: convert kdf_sp800108 to CRYPTO_API() (Saeed Mirzamohammadi) [Orabug: 39334603] - fips: drop ansi_cprng and revert ansi_cprng FIPS hooks (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto/testmgr: mark xxhash64 as fips disallowed (Saeed Mirzamohammadi) [Orabug: 39334603] - Revert "fips: add xxhash64-generic to FIPS module" (Saeed Mirzamohammadi) [Orabug: 39334603] - asm-generic/vmlinux.lds.h: remove unreachable FIPS140 branch (Saeed Mirzamohammadi) [Orabug: 39334603] - btrfs: switch to library APIs for checksums (Eric Biggers) [Orabug: 39334603] - lib/crypto: blake2b: Add BLAKE2b library functions (Eric Biggers) [Orabug: 39334603] - byteorder: Add le64_to_cpu_array() and cpu_to_le64_array() (Eric Biggers) [Orabug: 39334603] - iommu/amd: reduce GA Log overflow printk noise (Alejandro Jimenez) [Orabug: 39209026] - iommu/amd: add reschedule points to GA Log draining (Alejandro Jimenez) [Orabug: 39209026] - iommu/amd: Rework GAInt handling in overflow case (Joao Martins) [Orabug: 39209026] - iommu/amd: Use GA Log-aware handler for legacy MSI interrupts (Joao Martins) [Orabug: 39209026] - iommu/amd: Disable GAInt while GA Log is processed (Joao Martins) [Orabug: 39209026] - iommu/amd: Add GA Log-aware primary IRQ handler (Joao Martins) [Orabug: 39209026] - iommu/amd: Allow x2APIC interrupt setup to use primary IRQ handlers (Alejandro Jimenez) [Orabug: 39209026] - iommu/amd: Increase GA Log buffer size to 8192 entries (Joao Martins) [Orabug: 39209026] - iommu/amd: Use core's primary handler and set IRQF_ONESHOT (Sebastian Andrzej Siewior) [Orabug: 39209026] [6.12.0-203.76.5] - ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39384273,39391434,39407652] {CVE-2026-46333} [6.12.0-203.76.4] - x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39218893] {CVE-2025-54518} - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (Hyunwoo Kim) [Orabug: 39334587,39356061] {CVE-2026-43500} - rxrpc: Fix conn-level packet handling to unshare RESPONSE packets (David Howells) [Orabug: 39334587,39452112] {CVE-2026-46000} - rxrpc: only handle RESPONSE during service challenge (Jie Wang) [Orabug: 39263367,39334587] {CVE-2026-31676} - rxrpc: Fix rxrpc_input_call_event() to only unshare DATA packets (David Howells) [Orabug: 39334587] - rxrpc: Fix potential UAF after skb_unshare() failure (David Howells) [Orabug: 39334587,39452107] {CVE-2026-45998} - rxrpc: Fix re-decryption of RESPONSE packets (David Howells) [Orabug: 39334587,39452067] {CVE-2026-45988} - xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39334587,39367145] {CVE-2026-43284} - bcm-hsdk-gpl: Fix build issues for HSDK 6.5.34 (Vijay Kumar) [Orabug: 39342234] - bcm-hsdk-gpl: Update BCM HSDK GPL driver to 6.5.34 (Vijay Kumar) [Orabug: 39342234] - minke-fan-cpld: Avoid logging 'unknown fan id' when no fan is present (Arista-Hpandya) [Orabug: 39335238] - exadata: tools: perf: update column to comm_nodigit (Stephen Brennan) [Orabug: 39327035] - perf report: Add comm_nodigit sort key (Stephen Brennan) [Orabug: 39327035] - Revert "tools: perf: add comm_ignore_digit column" (Stephen Brennan) [Orabug: 39327035] - octeontx2-af: cn20k: Fix RVU AF interrupt handler (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Move QMEM allocations from GFP_KERNEL to ATOMIC (Sunil Kovvuri Goutham) [Orabug: 39318904] - bphy-pf: CNF20Ka: poll MHABs based on cpri_mask instead of fixed count (Viswajith Murali) [Orabug: 39318904] - octeontx2-af: Add devlink param for NIX RQ caching (Nishok A) [Orabug: 39318904] - octeontx2-af: cn20k: Fix the RVUAF->PF mbox address (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Add devlink and debugfs support for NPA DWRR registers. (Anshumali Gaur) [Orabug: 39318904] - cn20k-af: psw: Fix build warning (Srujana Challa) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix AI review comments. (Ratheesh Kannoth) [Orabug: 39318904] - cn20k-af: psw: add mailbox to write to PSW MSIX registers (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: add debugfs support for psw (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: introduce a mailbox to program PSW mbox msix vector (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: add PSW AF API Notification queue support (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: add FLR handler for PSW (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: setup PSW timed polling structure tables (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: add mailbox for PSW PCIe configuration (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: add mailbox for PSW LF mapping (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: add new mailbox for PSW doorbell configuration (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: setups PSW FID resources (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: setup PSW GID resources (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: add mailbox to get PSW capabilities (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: register PSW AF interrupts (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: introduce PSW block (Srujana Challa) [Orabug: 39318904] - octeontx2-af: limit max periodic timers for cn20k (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Make default entries as x4. (Ratheesh Kannoth) [Orabug: 39318904] - octeonxt2-af: npc: Fix bugs (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: cn20ka: fix call trace in otx2_unregister_dl() after kernel reboot. (Anshumali Gaur) [Orabug: 39318904] - octeontx2-pf: cn20ka: fix call trace in otx2vf_remove after kernel reboot. (Anshumali Gaur) [Orabug: 39318904] - octeontx2-af: cn20k: Configure default CPT_AF_UCC_CTL for IPsec error codes (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: CN20k: add support for RFOE4 on half MP (Sai Krishna) [Orabug: 39318904] - octeontx2-pf: Fix kernel crash during eswitch creation (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Use ZERO_OR_NULL_PTR for cgxchan2link_map (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: cn20K: mcs: Add parser configuration for VLAN extraction (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Add support for single SBTAG parsing (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Fix SDP channel base (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20K: mcs: Add MCS DSA tag parsing configuration support (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Avoid any false positives for Altaf (Linu Cherian) [Orabug: 39318904] - octeontx2-af: npc: Fix broadcast MCAM entry type on CN10K (Rakesh Kudurumalla) [Orabug: 39318904] - octeontx2-af: cn20k: Add platform check. (Anshumali Gaur) [Orabug: 39318904] - octeontx2-bphy-netdev: add get_link_ksettings to fix SIOCETHTOOL error (Sai Krishna) [Orabug: 39318904] - octeontx2-af: npc: cn20k: dont free default mcam indexes (Ratheesh Kannoth) [Orabug: 39318904] - bphy-pf: CNF20ka: Replace deprecated MSI-X API in CPRI netdev driver (Viswajith Murali) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix kernel warn. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Mismatch stats. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Dont free PF default mcam indexes. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: FIx invalid access (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: dstats (Ratheesh Kannoth) [Orabug: 39318904] - octeonxt2-af: npc: cn20k: show enable/disable status. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: debugfs for virtual indexes (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix AI reviews (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Alloc default indexes during nix lf alloc (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix default mcam idx free (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: Remove SoC specific local variables. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: mcs: Fix SC resource cleanup loop (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: mcs: Add SC CAM bypass entry (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Modify the pcifunc VF mask (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: cn20k: update the AFPFX_TRIGX reg offset (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20K: Fix rvu mbox registers offset (Geetha Sowjanya) [Orabug: 39318904] - octeontx2: sdp: Display backpressure status in debugfs (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Fix aura BPID assignment when CONFIG_DCB is enabled (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: add bounds check in nix_bp_enable (Rakesh Kudurumalla) [Orabug: 39318904] - octeontx2-af: cn20k: Set a default value for res_meta_offset (Tanmay Jagdale) [Orabug: 39318904] - octeontx2-af: Support mapping of individual slots to RVU block LFs (Subbaraya Sundeep) [Orabug: 39318904] - cn20k-af: ml: improve AF register access control (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: fetch list of LF IDs attached (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: fix using uninitialized partition ID (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: enable mapping LF to partition ID (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: enable mapping LF with partitions (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: support ML lf alloc and free (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: support fetching msix offset for ML (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: support attach and detach of ML LFs (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: add support to fetch ML capabilities (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: implement ML mbox message handler (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: register ML interrupt handlers (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: implement hw resource setup and free (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: enable ML block probe and remove (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: add skeleton code for ML EB driver (Prince Takkar) [Orabug: 39318904] - octeontx2-pf: cn20k: Add CN20K TX SecY policy bit support (Subrat Pandey) [Orabug: 39318904] - octeontx2-af: cn20k: mcs: Set default mcs Id to 0. (Subrat Pandey) [Orabug: 39318904] - octeontx2-af: cn20k: Fix memleak in npc_install flow (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Fix flags for HWWQE period timers (Mikko Suni) [Orabug: 39318904] - octeontx2-af: cn20k: Use physical address for AF->PF mbox (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: update fields of CPT_AF_LFX_CTL (Rahul Bhansali) [Orabug: 39318904] - octeontx2-af: cn20k: configure RX inline replay (Shashank Gupta) [Orabug: 39318904] - Octeontx2-af: cn20k: configure inline RQ mask (Bharat Bhushan) [Orabug: 39318904] - octeontx2-pf: Don't initialize ipsec queues for representor PF. (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-bphy-pf: CNF20ka: BPHY NIC PF driver for chiplet based BPHY NIX bypass mode (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-af: fix npc mbox structure defination (Mohit Kumar Parjapat) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Avoid SoC specific structures (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix get number of kw (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: cancel work before destroying wq. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx: switch: Fix compiler warnings. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: selftest: Use unique mbox ids (Linu Cherian) [Orabug: 39318904] - octeontx: pan: Disable WQ after unregister notifier (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switch: Define new flag (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Fix bugs. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switch: Update mcam_idx for reply flow (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Support ovs offloading (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Support mask as well for flow. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switch: Pass tuple mask as well to flow. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Retrieve VLAN infor for L3 routing (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switch: Add vlan tag as part of message (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switch: Dont process events if switchdev is not up (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: make functions static (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Fix graceful shutdown. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Notify switchdev on NF table callback (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switch: Support SNAT/DNAT routing (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Reject acceleration for invalid bridge (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switch: Fix buffer overflow (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Fix below kernel splat (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switchdev: Register for Route events. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switchdev: Forward route notifications. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switchdev: Add driver support (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switchdev: L2 offload support (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: Remove devlink support for SDP VF NIC driver (Anshumali Gaur) [Orabug: 39318904] - octeontx2-af: Handle pool context address update in Aura context write (Ashwin Sekhar T K) [Orabug: 39318904] - octeontx2-af: CN20k: fix unused-function warning (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-pf: Move representor event handling into common file (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Fix Rep link state sync up with PF/VFs (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: npa: cn20k: Fix DPC config mbox (Ashwin Sekhar T K) [Orabug: 39318904] - Octeontx2-pf: Fix transceiver details corruption (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: change GEN PF device ID (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20K: Fetch LBK supported channels (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Fix limiting SRIOV VF count logic (Sunil Kovvuri Goutham) [Orabug: 39318904] - octeontx2-af: Fix KASAN slab-out-of-bounds error (Anshumali Gaur) [Orabug: 39318904] - octeontx2-af: Update irq affinity for mbox and flr (Linu Cherian) [Orabug: 39318904] - octeontx2-af: cn20k: Add FLR/ME support (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Fix possible memleak while mbox init (Sai Krishna) [Orabug: 39318904] - octeontx2-af: Map alternative AF NIX_AF_GINT only for CN10K (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Add support to forward error interrupts to alt AF (Anil Kumar Reddy) [Orabug: 39318904] - octeontx2-af: Add support to forward flr to alternative AF (Anil Kumar Reddy) [Orabug: 39318904] - octeontx2-af: Update Alternative AF status (Linu Cherian) [Orabug: 39318904] - octeontx2-af: cn20k: Cleanup AF interrupt vector (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Do not hardcode AF bus number in debugfs (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Fix rsrc_alloc debugfs file (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Add devlink option to reset MAC stats for debugging (Viswajith Murali) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Add devlink for defrag initiation (Ratheesh Kannoth) [Orabug: 39318904] - net: octeontx2: Fix coding style issues (Subrat Pandey) [Orabug: 39318904] - octeontx2-af: Fix mcs string buffer size (Stefan Wiehler) [Orabug: 39318904] - octeontx2-af: Skip TM tree print for disabled SQs (Anshumali Gaur) [Orabug: 39318904] - octeontx2-af: debugfs: Add cn20k sdp rings info (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Fix kernel crash during NIX TM register dump (Anshumali Gaur) [Orabug: 39318904] - octeontx2-af: cpt: Add debug support for more than 64 engines. (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: cpt: Update engine offset calculation (Bharat Bhushan) [Orabug: 39318904] - octeontx2-pf: Add support to display "Autoneg" (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-vf: Set tc filter flag on vf netdev (Suman Ghosh) [Orabug: 39318904] - Octeontx2-pf: Update link mode mapping (Hariprasad Kelam) [Orabug: 39318904] - Octeontx2-pf: Fix ethtool eeprom read logic (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: ethtool: Display physical connector type (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: restart interface when link settings are changed by user (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-sdpvf: Fix PTP options for SDP interfaces (Roy Franz) [Orabug: 39318904] - octeontx2-vf: Add partial ethtool support for SDP VFs (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: Add page pool stats to ethtool (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: Add missing changes in otx2_ethtool.c (Suman Ghosh) [Orabug: 39318904] - Octeontx2-pf: tc: fix egress ratelimiting (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: Support to enable EDSA/Higig2 pkts parsing (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: Using compound/head page ref count (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Fix NDC sync operation errors (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: cn20k: fix target address (Juan Garcia) [Orabug: 39318904] - octeontx2-pf: Check address for Null before free (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: mcs: Add soft reset sequence in mcs_global_cfg() (Viswajith Murali) [Orabug: 39318904] - octeontx2-pf: mcs: Don't account field alignment when installing TX SecY policy (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Fix start and end bit for scan config (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2: npc: cn20k: Remove function (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2: npc: cn20k: refactor code (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: cgx: misc changes (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: reset TL1 SW_XOFF before returning from link mode change (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-af: Remove MAC address validation check (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Show count of dropped packets by DMAC filters (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Update mbox version (Sunil Kovvuri Goutham) [Orabug: 39318904] - cn10k-ipsec: Fix compilation with XFRM_OFFLOAD enabled (Sunil Kovvuri Goutham) [Orabug: 39318904] - octeontx2-vf: Register dummy netdev for host PF VFs (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: cn20k: Configure SQ default channel based on UP message (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Dereference only a valid pointer (Suman Ghosh) [Orabug: 39318904] - octeontx2-vf: Fix VF mbox up message error on PTP RX enable (Sai Krishna) [Orabug: 39318904] - octeontx2-pf: Add support for creating netdev interfaces for SDP VFs (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: Add more debug messages (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Send UP messages to VF only when VF is up. (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Avoid null pointer dereference (Subbaraya Sundeep) [Orabug: 39318904] - cn10k-ipsec: fix uninitialized send queue during ESP offload (Shashank Gupta) [Orabug: 39318904] - cn10k-ipsec: Initialize ipsec queues on enabling IPsec (Bharat Bhushan) [Orabug: 39318904] - octeontx2-pf: cn10k/cn20k: Update count_eot in NPA_LF_AURA_BATCH_FREE0 (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: persist netdev stats across routine operations (Anshumali Gaur) [Orabug: 39318904] - octeontx2-pf: Add self test (Linu Cherian) [Orabug: 39318904] - octeontx2-pf: Add ethtool -m option support (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: Skip dma map and unmap when IOMMU is bypassed (Sunil Kovvuri Goutham) [Orabug: 39318904] - octeontx2-pf: Add NIXLF error/poison interrupt handlers (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-pf: Validation for TL1 Round robin priority (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: devlink param support to modify physical interface links. (Rakesh Babu Saladi) [Orabug: 39318904] - octeontx2-pf: Add devlink param to vary rbuf size (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Add devlink param to vary cqe size (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: CN20k: add multi chiplet support to NIX path (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k: Enable TX PTP timestamping on BPHY NIX link (Sai Krishna) [Orabug: 39318904] - octeontx2-af: cn10k: Fix accessing invalid CSRs (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k: fix fwdata NULL pointer dereference when RPM probe fails (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k: Map BPHY chiplet RPMs followed by compute chiplet RPMs (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k: Add chiplet RPM AF mbox support for port ready, get channel info messages. (Sai Krishna) [Orabug: 39318904] - octeontx2-af: cnf20k: account for XCB RPM links in CGX link calculation (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-af: Add support for chiplet based BPHY RPM driver as AF RVU extension block module (Sai Krishna) [Orabug: 39318904] - octeontx2-af: Add BPHY chiplet, RPM, LMAC data to fwdata (Sai Krishna) [Orabug: 39318904] - bphy-pf: CNF20ka: Register driver with PCI subsys ID (Anshumali Gaur) [Orabug: 39318904] - bphy-pf: CNF20ka: Fix MSI-X init failure by setting both DMA masks (Viswajith Murali) [Orabug: 39318904] - bphy-pf: CNF20K: Add build and config support for CPRI PF driver to avoid module conflicts (Viswajith Murali) [Orabug: 39318904] - bphy-pf: CNF20ka: Fix CPRI MSI-X initialization failure (Viswajith Murali) [Orabug: 39318904] - bphy-pf: CNF20ka: Add workaround for gpint issue for CPRI pkt path (Viswajith Murali) [Orabug: 39318904] - bphy-pf: CNF20ka: Add cpri netdev driver support (Viswajith Murali) [Orabug: 39318904] - octeontx-bphy-netdev: Fix unexpected packet in netdev by ensuring proper PSW hardware write handling (Viswajith Murali) [Orabug: 39318904] - octeontx2-bphy-netdev: allow forcing ts steps cnt (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: fix fec counters reporting (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: fix ecpri pkt stats update (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: fix ecpri type5 handling (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: fix a deadlock in cpri (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: Fix race condition for timestamp packets (Sai Krishna) [Orabug: 39318904] - octeontx2-bphy-netdev: Fix kernel crash by using proper max PSM queue count (Sai Krishna) [Orabug: 39318904] - octeontx2-bphy-netdev: protect psm queue access (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: fix debugfs memleak (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: Detect DL circular buffer full (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-bphy-netdev: fix rsfec stats reading (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: Support for eCPRI MsgType5 timestamping (Sai Krishna) [Orabug: 39318904] - octeontx2-bphy-netdev: Use correct netdev priv structure for debugging (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: disable CPRI RX on cleanup (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: ignore mcs untagged error (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: disable rx on RFOEs on exit (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: Fix crash issue during initialization of cpri, rfoe interfaces on set MAC address (Sai Krishna) [Orabug: 39318904] - octeontx2-bphy-netdev: OcteonTX2 Base PHY RFOE netdev driver (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k DPI AF driver msix, interrupt handling (Sai Krishna) [Orabug: 39318904] - octeontx2-af: Move DPI block reset handling to AF extension block driver (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k DPI AF driver channel table mbox support (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k DPI AF driver mbox support (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k DPI AF driver initial support (Sai Krishna) [Orabug: 39318904] - octeontx2-af: cn20k: Don't reset the PF_DISC register (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: CN20K: update RPM links (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: cn20k: Add block discovery register (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Fix PTP RX enable mbox fail issue over NIC VF (Sai Krishna) [Orabug: 39318904] - octeontx2-af: Modify NIX register offset value for CN20K (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Validate NIX maximum LFs correctly (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Fix incorrect BPID initialization for CPT channels (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: Allow CPT PF access to CPT_AF_GRPX_THR (Shashank Gupta) [Orabug: 39318904] - octeontx2-af: cn20k: support packet data buffer (pdb) configuration (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Set LBK channels (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: cn20k: Fix config parameter check when disable inline queue (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Enable CPT parse and Frag info header byte swap (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: Add an MCAM entry to count CPT 2nd pass miss packets (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-af: support overriding aura to zero for second pass (Nithin Dabilpuram) [Orabug: 39318904] - octeontx2-af: cn20k: cpt: Use proper mask to get max CPT LF's (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: allow mbox access from CPT VFs for backward compatibility (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: Drop CPT PF/VF check for relevant mboxes (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: cn20k: Change CPT channels configuration (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Allow CPT PF access to CPTX_AF_CTX_PSP_TIMER_CTL (Shashank Gupta) [Orabug: 39318904] - octeontx2-af: cn20k: change CPT register address as per latest csr (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Allow access to CPT_AF_UCCX_CTL (Tanmay Jagdale) [Orabug: 39318904] - octeontx2-af: CN20K channel configuration (Sunil Kovvuri Goutham) [Orabug: 39318904] - octeontx2-af: cn20k: Enable RXC on inline inbound cptlf (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Fix RXC flush and cleanup sequence (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Add CPT CTX flush support (Tanmay Jagdale) [Orabug: 39318904] - octeontx2-af: fix CPT ctx flush (Srujana Challa) [Orabug: 39318904] - octeontx2-af: cn20k: Setup CPT reassembly Queue Configuration Register (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: cn20k: Move RXC specific functions (Tanmay Jagdale) [Orabug: 39318904] - octeontx2-af: cn20k: handle multi-queue reassembly teardown (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: cn20k: add mbox for NIX RX inline configuration (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: cn20k: add mbox for CPT RX inline configuration (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: cn20k: add mbox for CPT RX queue allocation (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: cn20k: Add mbox to configure rx inline nixlf (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Add mbox to configure rx inline profile (Bharat Bhushan) [Orabug: 39318904] - crypto: octeontx2: Add new mailbox to set queue priority (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: cn20k: Add rxc teardown support (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Add queue id to rxc time config mbox (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Add cpt stats mailbox support (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: add FLT interrupts (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: Unify HW interrupt APIs (Amit Singh Tomar) [Orabug: 39318904] - octeontx-af: cpt: Get CPT PF number using PF Device ID (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: cpt: Update max engine calculation (Bharat Bhushan) [Orabug: 39318904] - octeontx2-pf: Add TC rules support for CN20K (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Set correct sequence for carrier off and tx queue stop (Suman Ghosh) [Orabug: 39318904] - octeontx2: Fix klockwork issues. (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: Free queue memory allocated sq timestamp (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: Check for DMAC extraction support before setting DMAC based hardware filter for a VF (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: Move REP devlink APIs to separate file (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Fix representor up notification events (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Use ews_rules value to update REP tcam rules (Geetha Sowjanya) [Orabug: 39318904] - Octeontx2-af: Change args for rvu_get_pf (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Add validation before accessing fwdata (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: map management port always to first PF (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: replace generic error codes (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: link mode mapping (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Assign CGX id from PCI revision id (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Remove MAC address validation check (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: lmac validation with is_lmac_valid (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Fix compilation warning/klockwork issues (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: configure 802.3 pause frames in SGMII/QSGMII mode (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Add new CGX_CMDs to set and get PHY modulation type (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Do not allow VFs to overwrite PKIND config (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Put CGX LMAC also in Higig2 mode (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-sdp: Add FLR interrupts for Host PFs (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-sdp: Refactor SDP interrupts code (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-sdp: Fix SDP channel numbers in NPC rules (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-sdp: Check whether SDP block is present before access (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: sdp: Fix address range assignment logic (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: sdp: Maintain host to RVU GEN PF mapping (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-sdp: misc SDP fixes (Hariprasad Kelam) [Orabug: 39318904] - octeontx-af: cn20k: Manage rings allocation and freeing (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: CN20K: SDP mbox framework (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: CN20K: SDP extension driver (Hariprasad Kelam) [Orabug: 39318904] - Octeontx2-pf: enable AF_XDP zero copy support (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Fix clearing TL3_TL2X_LINKX_CFG[ENA] during SMQ flush to drop packets (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-af: Fix ROCEV2 RSS hashing QP ID length (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Allow to set CPT result address offset (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: add mbox for NIX flow vector configuration (Satheesh Paul A) [Orabug: 39318904] - octeontx2-af: add ROCEv2 header for RSS hashing (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Update lbk maximum frame size as per CN20K (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: fix TX scheduler count (Satha Rao) [Orabug: 39318904] - octeontx2-af: Fix the issue of infinite loop in nix_aq_reset (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-af: Misc changes in NIX block (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Dump hw register state on error (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: Add new mailbox to configure LSO alt flags (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: cn20k: Extend SPI to SA index translation (Bharat Bhushan) [Orabug: 39318904] - octeontx2-pf: notify VF about ptp event (Harman Kalra) [Orabug: 39318904] - octeontx2-af: Sending tsc value to the userspace (Harman Kalra) [Orabug: 39318904] - octeontx2-af: Support for PTP notification to PF (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: npa: fix DPC permit register access (Ashwin Sekhar T K) [Orabug: 39318904] - octeontx2-af: npa: cn20k: Add DPC support (Linu Cherian) [Orabug: 39318904] - octeontx2-af: npa: cn20k: Add debugfs support for Halo (Linu Cherian) [Orabug: 39318904] - octeontx2-af: npa: cn20k: Add NPA Halo support (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Fix number of entries in the kpu3 cam (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix subbank count (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Fix number of entries in the kpu2 cam (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: add mbox to read default rule (Satheesh Paul A) [Orabug: 39318904] - octeontx2-af: kpu: Input validation check. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: kpu: Fix lodable profile issue (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Convert to C99 flexible array (Anshumali Gaur) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Restore stats in defrag (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Flow delete and free mbox (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Add traces in NPC mailboxes (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Fix KPU9 state variable for ROCEV2 (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: add support for ROCEv2 header parsing (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: add more VLAN tag parsing in case of E-tag (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: add changes to fragment flags for cn20k (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Avoid updating cn10k registers during cn20k reboot (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Do not access match stats for cn20k (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: cn20k: Update NPC CSRs (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Fix out of bound access in entry2counter array (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Fix initialization of mcam's entry2target_pffunc field (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: add changes to fragment flag extraction in parse nibble (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Fix CPT CGX channel mask for cn20k (Sai Krishna) [Orabug: 39318904] - octeontx2-af: add changes to fragment flag in KPU profile for CN20K (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: fix mcam hit counter (Satheesh Paul A) [Orabug: 39318904] - Revert "octeontx2-af: npc: cn20k: Get base steer rule index." (Rahul Bhansali) [Orabug: 39318904] - octeontx2-af: npc: cn20k: fix rule type for LBK VF (Rahul Bhansali) [Orabug: 39318904] - octeontx2-af: Fix failed to load custom pfl warning (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: add changes to update CPT pad length offset in KPU (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix search order (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: Use dev_dbg() (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Fix compilation warnings (Sunil Kovvuri Goutham) [Orabug: 39318904] - octeontx2: cn20k: npc: Set action2 for x2 entries. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: cn20k: Enable action2 programming in npc (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Set default profile DYNAMIC (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix csr register field offset. (Satheesh Paul A) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Reject request for x4 entries in x2 profile. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Alloc mcam entry for install flow (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Disable fw load faiure warning (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Load custom kpu profile from filesystem. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix install flow priority (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: cn20k: Add support for custom mkex profiles (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Get base steer rule index. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Stats support (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: cn20k: Reject mcam alloc mbox with invalid keytype (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: cn20k: Reserve x4 key mcam entries for ntuple (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Get kex related info from PF. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix parse result nibble mask reading. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Set correct nibble bits for cn20k (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Fix parse nibble mask (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: cn20k: Avoid accessing cn10k registers (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: cn20k: Add new mailboxes for CN20K silicon (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Fix npc_mcam_get_hit_status mbox for cn10k (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Convert vidx to mcam_idx in mbox handler (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Add an mbox interface to defrag (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: defragmentation support (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Introduce virtual mcam index (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Validate mcam index before enable/disable (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Add new mailboxes to get kex config and free counts (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Use common APIs to read/write/copy/enable mcam entry (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Add a new mbox to read/write MCAM hit status (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: npc: cn20k: debugfs support (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Use common APIs to alloc/free/get mcam index. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Allocate default mcam indexes. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Modify alloc entry mailbox (Suman Ghosh) [Orabug: 39318904] - ocetontx2-af: npc: cn20k: MKEX profile support (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: npc: cn20k: KPM profile changes (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Index management. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2: Fix klockwork issues. (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Fix Support of FDSA tag (George Cherian) [Orabug: 39318904] - octeontx2-af: Support for FDSA tag (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Adding changes to parse stacked VLANs (Kiran Kumar K) [Orabug: 39318904] - Octeontx2-af: Skip overlap check for SPI field (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Fix issue with GRE parsing (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Add support to parse more VLAN headers (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Fix issue with IPV6 GRE and multi VLAN (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Add KPU changes to parse fabric path header (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Add few missing changes (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: allow second pass pkts via default ucast entry (Nithin Dabilpuram) [Orabug: 39318904] - octeontx2-af: suppress kpu profile loading warning (Harman Kalra) [Orabug: 39318904] - octeontx2-af: use cpt channel mask in flow install path (Nithin Dabilpuram) [Orabug: 39318904] - octeontx2-af: Add NPC support to filter GTP-U and GTP-C packets based on TEID (Suman Ghosh) [Orabug: 39318904] - octeontx2: cn20k: Assign unique MCS IDs based on PCI enumeration (Subrat Pandey) [Orabug: 39318904] - octeontx2-pf: Choose macsec encryption offload per packet (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: mcs: Use new SCI CAM in hardware (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: mcs: Fix mcs resources free on PF shutdown (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: mcs: Add devlink parameter to toggle MCS bypass mode (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: mcs: Display port mapped stats for cn20k (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: cn20k: Add MCS LMAC channel and count configuration (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: mcs set mcs id and silicon check (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: Fix mcs tx_sa_map API (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: Add mcs PN threshold support (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: MCS add port configure APIs (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20K: Add MCS parser configuration (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: mcs: Fix mcs register offsets (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: mcs: Fix unsupported secy stats read (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: Add MCS support (Linu Cherian) [Orabug: 39318904] - octeontx2-af: mcs: Remove SA stats support (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: cnf10k-b: mcs: Fix stats reg address (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: rvu: enable mcs fips mailboxes (Ankur Dwivedi) [Orabug: 39318904] - octeontx2-af: mcs: add mailboxes for fips (Ankur Dwivedi) [Orabug: 39318904] - octeontx2-af: sso: clear all the sets on init (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: tim: add ring priority support (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: update TIM interval support (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: moderate SSO AF error interrupts (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: lower TIM bucket skip IRQ log level (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: cn20k: remove GTI clock adjustment (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: cn20k: update xaq aura offset (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: cn20k: cleanup SSO EVA on LF reset (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: add SSO HW info mbox (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: add SSO AGGR config and stats mbox (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: add SSO EVA error interrupts (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: update masks for CN20K resources (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: Fixed compilation warnings (Sunil Kovvuri Goutham) [Orabug: 39318904] - octeontx2-af: fix interval flag check (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: add TIM hardware info mbox (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: add TIM HWWQE mbox support (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: add mbox to capture counters (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: reveal only TIM params that are available (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: add TIM error af interrupt handlers (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: clear state on TIM ring disable (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: disable preemption when enabling TIM (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: account for cycle wraparound (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: prevent TIM register read reorder (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: fix arguments passed to XAQ aura deinit (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: debugfs: fix undefined SSO register access (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: update TIM adjust GTI errata silicons (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: update TIM adjust GTI errata silicons (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: add TIM adjust GTI errata workaround (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: cn10k: devlink params to configure TIM (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: TIM: Set conditional clock always on (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Apply relevant HW issue workarounds for 96xx B0 silicon (Sunil Kovvuri Goutham) [Orabug: 39318904] - octeontx2-af: Add SSO and TIM units support to the AF driver (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: enable rxc with lookaside cpt lf (Vidya Sagar Velumuri) [Orabug: 39318904] - octeontx2-af: fix issue with spitosa table teardown (Nithin Dabilpuram) [Orabug: 39318904] - octeontx2-af: fix cflags include paths (Wladislav Wiebe) [Orabug: 39318904] - octeontx2-af: Move out REE mbox messages (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Add generic mbox handler for Eblock (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Use AF extension block interface (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Add RVU AF extension block interface (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Introducing REE block for 98xx (Smadar Fuks) [Orabug: 39318904] - octeontx2-af: fix VF bringup affecting PF promiscous state (Harman Kalra) [Orabug: 39318904] - octeontx2-af: consider mode when using cpt base channel for bp (Nithin Dabilpuram) [Orabug: 39318904] - octeontx2-af: Update minimum receive frame size (Sathesh Edara) [Orabug: 39318904] - octeontx2-af: set default min and max rx len for CPT link (Nithin Dabilpuram) [Orabug: 39318904] - octeontx2-af: add NIX mbox message to get HW info (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: fix inline inbound IPsec configuration (Srujana Challa) [Orabug: 39318904] - octeontx2-af: support for custom L2 header (Satheesh Paul A) [Orabug: 39318904] - octeontx2-af: fix to get different rq mask (Rakesh Kudurumalla) [Orabug: 39318904] - octeontx2-af: poll for tx link credits before link mode change (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-af: Handle physical link state change requests (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Add mbox to alloc/free BPIDs (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Dynamically allocate bpids for CPT and LBK (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Add support for SPI to SA index translation (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Update HW workarounds for 96xx C0, 98xx and F95xx B0 chips (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Add devlink support to configure TL1 RR_PRIO (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: add support for CPT second pass (Rakesh Kudurumalla) [Orabug: 39318904] - octeontx2-af: add new mbox to support sync cycle on rx path (Satha Rao) [Orabug: 39318904] - octeontx2-af: add support for changing vlan tpid (Nithin Dabilpuram) [Orabug: 39318904] - octeontx2-pf: Fix devm_kcalloc() error checking (Dan Carpenter) [Orabug: 39318904] - octeontx2-pf: Use new bandwidth profiles in receive queue (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Display new bandwidth profiles too in debugfs (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Accommodate more bandwidth profiles for cn20k (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Initialize new NIX SQ context for cn20k (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Initialize cn20k specific aura and pool contexts (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Skip NDC operations for cn20k (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Extend debugfs support for cn20k NPA (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Add cn20k NPA block contexts (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Extend debugfs support for cn20k NIX (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Add cn20k NIX block contexts (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Simplify context writing and reading to hardware (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2: convert to ndo_hwtstamp API (Vadim Fedorenko) [Orabug: 39318904] - Octeontx2-af: Fix pci_alloc_irq_vectors() return value check (Harshit Mogalapalli) [Orabug: 39318904] - Octeontx2-af: Fix missing error code in cgx_probe() (Harshit Mogalapalli) [Orabug: 39318904] - octeontx2-pf: fix bitmap leak (Bo Sun) [Orabug: 39318904] - octeontx2-vf: fix bitmap leak (Bo Sun) [Orabug: 39318904] - octeontx2-af: Remove unused declarations (Yue Haibing) [Orabug: 39318904] - Octeontx2-af: Fix NIX X2P calibration failures (Hariprasad Kelam) [Orabug: 39318904] - Octeontx2-vf: Fix max packet length errors (Hariprasad Kelam) [Orabug: 39318904] - Octeontx2-af: Broadcast XON on all channels (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: use unsigned int as iterator for unsigned values (Simon Horman) [Orabug: 39318904] - net: Fix typos (Bjorn Helgaas) [Orabug: 39318904] - Octeontx2-af: Debugfs support for firmware data (Hariprasad Kelam) [Orabug: 39318904] - Octeontx2-af: RPM: Update DMA mask (Hariprasad Kelam) [Orabug: 39318904] - Octeontx2-af: Disable stale DMAC filters (Subbaraya Sundeep) [Orabug: 39318904] - Octeontx2-af: Add programmed macaddr to RVU pfvf (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Fix error code in rvu_mbox_init() (Dan Carpenter) [Orabug: 39318904] - Octeontx2-pf: ethtool: support multi advertise mode (Hariprasad Kelam) [Orabug: 39318904] - Octeontx2-af: Introduce mode group index (Hariprasad Kelam) [Orabug: 39318904] - Octeontx-pf: Update SGMII mode mapping (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Fix rvu_mbox_init return path (Subbaraya Sundeep) [Orabug: 39318904] - Octeontx2-pf: Fix Backpresure configuration (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: CN20K mbox implementation between PF-VF (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20K mbox implementation for AF's VF (Sai Krishna) [Orabug: 39318904] - octeontx2-pf: CN20K mbox REQ/ACK implementation for NIC PF (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k mbox to support AF REQ/ACK functionality (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k basic mbox operations and structures (Sai Krishna) [Orabug: 39318904] - octeontx2: Set appropriate PF, VF masks and shifts based on silicon (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Avoid typecasts by simplifying otx2_atomic64_add macro (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2: Annotate mmio regions as __iomem (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: macsec: Get MACSEC capability flag from AF (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Add MACSEC capability flag (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Send Link events one by one (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: NPC: Clear Unicast rule on nixlf detach (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: Avoid adding dcbnl_ops for LBK and SDP vf (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: Add tracepoint for NIX_PARSE_S (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2: Add new tracepoint otx2_msg_status (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2: Add pcifunc also to mailbox tracepoints (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Display names for CPT and UP messages (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: convert dev_dbg to tracepoint in mbox (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Fix ethtool support for SDP representors (Hariprasad Kelam) [Orabug: 39318904] - net: octeontx2: Use pure PCI devres API (Philipp Stanner) [Orabug: 39318904] - octeontx2-pf: AF_XDP: code clean up (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Remove unused rvu_npc_enable_bcast_entry (Dr. David Alan Gilbert) [Orabug: 39318904] - xfrm: Add explicit dev to .xdo_dev_state_{add,delete,free} (Cosmin Ratiu) [Orabug: 39318904] - octeontx2-pf: handle otx2_mbox_get_rsp errors (Chenyuan Yang) [Orabug: 39318904] - net: octeontx2: Handle XDP_ABORTED and XDP invalid as XDP_DROP (Lorenzo Bianconi) [Orabug: 39318904] - octeontx2-af: mcs: Remove redundant 'flush_workqueue()' calls (Chen Ni) [Orabug: 39318904] - net: octeontx2: Add metadata support for xdp mode (Lorenzo Bianconi) [Orabug: 39318904] - xfrm: provide common xdo_dev_offload_ok callback implementation (Leon Romanovsky) [Orabug: 39318904] - octeontx2: hide unused label (Arnd Bergmann) [Orabug: 39318904] - octeontx2-pf: AF_XDP zero copy transmit support (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: Prepare for AF_XDP (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: Reconfigure RSS table after enabling AF_XDP zerocopy on rx queue (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: AF_XDP zero copy receive support (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: use xdp_return_frame() to free xdp buffers (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: mcs: Remove dead code and semi-colon from rsrc_name() (Nihar Chaithanya) [Orabug: 39318904] - octeontx2-pf: fix error handling of devlink port in rvu_rep_create() (Harshit Mogalapalli) [Orabug: 39318904] - octeontx2-pf: fix netdev memory leak in rvu_rep_create() (Harshit Mogalapalli) [Orabug: 39318904] - octeontx2-af: fix build regression without CONFIG_DCB (Arnd Bergmann) [Orabug: 39318904] - cn10k-ipsec: Fix compilation error when CONFIG_XFRM_OFFLOAD disabled (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: Fix installation of PF multicast rule (Geetha Sowjanya) [Orabug: 39318904] - cn10k-ipsec: Enable outbound ipsec crypto offload (Bharat Bhushan) [Orabug: 39318904] - cn10k-ipsec: Allow ipsec crypto offload for skb with SA (Bharat Bhushan) [Orabug: 39318904] - cn10k-ipsec: Process outbound ipsec crypto offload (Bharat Bhushan) [Orabug: 39318904] - cn10k-ipsec: Add SA add/del support for outb ipsec crypto offload (Bharat Bhushan) [Orabug: 39318904] - cn10k-ipsec: Init hardware for outbound ipsec crypto offload (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: Disable backpressure between CPT and NIX (Bharat Bhushan) [Orabug: 39318904] - octeontx2-pf: Move skb fragment map/unmap to common code (Bharat Bhushan) [Orabug: 39318904] - octeontx2-pf: map skb data as device writeable (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: Fix SDP MAC link credits configuration (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Fix spelling mistake "reprentator" -> "representor" (Colin Ian King) [Orabug: 39318904] - octeontx2-pf: Adds TC offload support (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Implement offload stats ndo for representors (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Add devlink port support (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Add representors for sdp MAC (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Configure VF mtu via representor (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Add support to sync link state between representor and VFs (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Get VF stats via representor (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Add packet path between representor and VF (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Add basic net_device_ops (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Create representor netdev (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: RVU representor driver (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Knobs for NPC default rule counters (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Refactor few NPC mcam APIs (Linu Cherian) [Orabug: 39318904] - octeontx2-pf: Move shared APIs to header file (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Reuse PF max mtu value (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Add new APIs for queue memory alloc/free. (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Define common API for HW resources configuration (Geetha Sowjanya) [Orabug: 39318904] - net: marvell: use ethtool string helpers (Rosen Penev) [Orabug: 39318904] - uek: kabi: update kABI files for new symbols (Saeed Mirzamohammadi) [Orabug: 39268116] - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39167615,39361444] {CVE-2026-31402} - netfilter: nf_tables: always walk all pending catchall elements (Florian Westphal) [Orabug: 39110670,39361449] {CVE-2026-23278} - net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (Victor Nogueira) [Orabug: 39103229,39361451] {CVE-2026-23270} [6.12.0-203.76.3] - sched/deadline: Use revised wakeup rule for dl_server (Peter Zijlstra) - netfilter: nfnetlink_queue: make hash table per queue (Florian Westphal) [Orabug: 39339273] {CVE-2026-43084} - netfilter: nfnetlink_queue: nfqnl_instance GFP_ATOMIC -> GFP_KERNEL_ACCOUNT allocation (Scott Mitchell) - Revert "drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt" (Sasha Levin) - Revert "drm/xe/mmio: Avoid double-adjust in 64-bit reads" (Sasha Levin) - iommu/amd: Fix ivrs_base memleak in early_amd_iommu_init() (Zhen Ni) [Orabug: 39145066] - iommu/amd: Fix header file (Vasant Hegde) [Orabug: 39145066] - iommu/amd: Preserve default DTE fields when updating Host Page Table Root (Alejandro Jimenez) [Orabug: 39145066] - iommu/amd: Enable support for up to 2K interrupts per function (Kishon Vijay Abraham I) [Orabug: 39145066] - iommu/amd: Rename DTE_INTTABLEN* and MAX_IRQS_PER_TABLE macro (Sairaj Kodilkar) [Orabug: 39145066] - iommu/amd: Replace slab cache allocator with page allocator (Sairaj Kodilkar) [Orabug: 39145066] - iommu/amd: Introduce generic function to set multibit feature value (Sairaj Kodilkar) [Orabug: 39145066] - iommu/amd: Remove amd_iommu_apply_erratum_63() (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Lock DTE before updating the entry with WRITE_ONCE() (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Modify clear_dte_entry() to avoid in-place update (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Introduce helper function get_dte256() (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Modify set_dte_entry() to use 256-bit DTE helpers (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Introduce helper function to update 256-bit DTE (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Introduce struct ivhd_dte_flags to store persistent DTE flags (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Disable AMD IOMMU if CMPXCHG16B feature is not supported (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Misc ACPI IVRS debug info clean up (Suravee Suthikulpanit) [Orabug: 39145066] - crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39250685,39331108] {CVE-2026-43078} - crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39250685] - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39250685,39300909] {CVE-2026-43033} - crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250685] - crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39250685,39452215] {CVE-2026-46028} - crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39250685,39283866,39291972,39292190] {CVE-2026-31431} - crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250685] {CVE-2026-31431} - crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39250685] - iommu/arm-smmu-v3: Handle zeroed A4-2C HTTU override settings (Joao Martins) [Orabug: 39260974] [6.12.0-203.76.2] - Revert "rds: Drop rds conn in connect worker if not in down state." (Vijayendra Suman) [Orabug: 39276980] - uek-rpm/config-aarch64: Enable NVIDIA-recommended Vera-Rubin configs (Vijay Kumar) [Orabug: 39157707] - kselftest/arm64: Add HWCAP test for FEAT_LS64 (Yicong Yang) [Orabug: 39157707] - arm64: Provide basic EL2 setup for FEAT_{LS64, LS64_V} usage at EL0/1 (Yicong Yang) [Orabug: 39157707] - perf: arm_spe: Relax period restriction (Leo Yan) [Orabug: 39157707] - perf/arm_cspmu: Add PMEVFILT2R support (Robin Murphy) [Orabug: 39157707] - ACPI: CPPC: Add IS_OPTIONAL_CPC_REG macro to judge if a cpc_reg is optional (Lifeng Zheng) [Orabug: 39157707] - dt-bindings: gpio: Add Tegra256 support (Prathamesh Shete) [Orabug: 39157707] - perf/arm_cspmu: nvidia: Add revision id matching (Besar Wicaksono) [Orabug: 39157707] - arm64: Handle BRBE booting requirements (Anshuman Khandual) [Orabug: 39157707] - arm64: el2_setup.h: Make __init_el2_fgt labels consistent, again (Rob Herring) [Orabug: 39157707] - arm64/gcs: Provide basic EL2 setup to allow GCS usage at EL0 and EL1 (Mark Brown) [Orabug: 39157707] - tools headers arm64: Add NVIDIA Olympus part (Besar Wicaksono) [Orabug: 39157707] - perf arm-spe: Add NVIDIA Olympus to neoverse list (Besar Wicaksono) [Orabug: 39157707] - perf arm_spe: Add CPU variants supporting common data source packet (Leo Yan) [Orabug: 39157707] - arch_topology: Provide a stub topology_core_has_smt() for !CONFIG_GENERIC_ARCH_TOPOLOGY (Yicong Yang) [Orabug: 39157707] - perf: arm_pmuv3: Don't use PMCCNTR_EL0 on SMT cores (Yicong Yang) [Orabug: 39157707] - perf: arm_pmuv3: Factor out PMCCNTR_EL0 use conditions (Yicong Yang) [Orabug: 39157707] - perf/arm_cspmu: nvidia: Add pmevfiltr2 support (Besar Wicaksono) [Orabug: 39157707] - perf/arm_cspmu: Add pmpidr support (Besar Wicaksono) [Orabug: 39157707] - perf/arm_cspmu: Move register definitons to header (Robin Murphy) [Orabug: 39157707] - perf/arm_cspmu: Add callback to reset filter config (Besar Wicaksono) [Orabug: 39157707] - perf/arm_cspmu: Generalise event filtering (Robin Murphy) [Orabug: 39157707] - perf: arm_pmuv3: Add support for the Branch Record Buffer Extension (BRBE) (Rob Herring) [Orabug: 39157707] - arm64/sysreg: Add BRBE registers and fields (Anshuman Khandual) [Orabug: 39157707] - perf: arm_pmu: Move PMUv3-specific data (Mark Rutland) [Orabug: 39157707] - perf: apple_m1: Don't disable counter in m1_pmu_enable_event() (Rob Herring) [Orabug: 39157707] - perf: arm_v7_pmu: Don't disable counter in (armv7|krait_|scorpion_)pmu_enable_event() (Rob Herring) [Orabug: 39157707] - perf: arm_v7_pmu: Drop obvious comments for enabling/disabling counters and interrupts (Rob Herring) [Orabug: 39157707] - perf: arm_pmuv3: Don't disable counter in armv8pmu_enable_event() (Mark Rutland) [Orabug: 39157707] - ACPI: CPPC: Rename EPP constants for clarity (Sumit Gupta) [Orabug: 39157707] - ACPI: CPPC: Add three functions related to autonomous selection (Lifeng Zheng) [Orabug: 39157707] - ACPI: CPPC: Modify cppc_get_auto_sel_caps() to cppc_get_auto_sel() (Lifeng Zheng) [Orabug: 39157707] - cpufreq/amd-pstate: Store the boost numerator as highest perf again (Mario Limonciello) [Orabug: 39157707] - ACPI: CPPC: Refactor register value get and set ABIs (Lifeng Zheng) [Orabug: 39157707] - ACPI: CPPC: Add cppc_set_reg_val() (Lifeng Zheng) [Orabug: 39157707] - ACPI: CPPC: Extract cppc_get_reg_val_in_pcc() (Lifeng Zheng) [Orabug: 39157707] - ACPI: CPPC: Rename cppc_get_perf() to cppc_get_reg_val() (Lifeng Zheng) [Orabug: 39157707] - ACPI: CPPC: Optimize cppc_get_perf() (Lifeng Zheng) [Orabug: 39157707] - ACPI: CPPC: Factor out and export per-cpu cppc_perf_ctrs_in_pcc_cpu() (Jie Zhan) [Orabug: 39157707] - ACPI: CPPC: Clean up cppc_perf_caps and cppc_perf_ctrls structs (Sumit Gupta) [Orabug: 39157707] - cpufreq: CPPC: Add generic helpers for sysfs show/store (Sumit Gupta) [Orabug: 39157707] - cpufreq: CPPC: Add support for autonomous selection (Lifeng Zheng) [Orabug: 39157707] - PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (Nirmoy Das) [Orabug: 39157707] - PCI: Add ASPEED vendor ID to pci_ids.h (Nirmoy Das) [Orabug: 39157707] - i2c: tegra: Add support for SW mutex register (Kartik) [Orabug: 39157707] - i2c: tegra: Use internal reset when reset property is not available (Akhil R) [Orabug: 39157707] - i2c: tegra: Add HS mode support (Akhil R) [Orabug: 39157707] - i2c: tegra: Update Tegra256 timing parameters (Akhil R) [Orabug: 39157707] - i2c: tegra: Use separate variables for fast and fastplus (Akhil R) [Orabug: 39157707] - i2c: tegra: Add Tegra264 support (Akhil R) [Orabug: 39157707] - i2c: tegra: Add Tegra256 support (Akhil R) [Orabug: 39157707] - i2c: tegra: Do not configure DMA if not supported (Kartik) [Orabug: 39157707] - gpio: tegra186: Fix GPIO name collisions for Tegra410 (Kartik) [Orabug: 39157707] - gpio: tegra186: Use generic macro for port definitions (Kartik) [Orabug: 39157707] - gpio: tegra186: Add support for Tegra410 (Prathamesh Shete) [Orabug: 39157707] - gpio: tegra186: Add support for Tegra256 (Prathamesh Shete) [Orabug: 39157707] - arm64: acpi: Enable ACPI CCEL support (Suzuki K Poulose) [Orabug: 39157707] - arm64: Enable EFI secret area Securityfs support (Suzuki K Poulose) [Orabug: 39157707] - arm64: realm: ioremap: Allow mapping memory as encrypted (Suzuki K Poulose) [Orabug: 39157707] - arm64: Document Arm Confidential Compute (Steven Price) [Orabug: 39157707] - virt: arm-cca-guest: TSM_REPORT support for realms (Sami Mujawar) [Orabug: 39157707] - arm64: Enable memory encrypt for Realms (Suzuki K Poulose) [Orabug: 39157707] - arm64: mm: Avoid TLBI when marking pages as valid (Steven Price) [Orabug: 39157707] - arm64: Enforce bounce buffers for realm DMA (Steven Price) [Orabug: 39157707] - efi: arm64: Map Device with Prot Shared (Suzuki K Poulose) [Orabug: 39157707] - arm64: rsi: Map unprotected MMIO as decrypted (Suzuki K Poulose) [Orabug: 39157707] - arm64: rsi: Add support for checking whether an MMIO is protected (Suzuki K Poulose) [Orabug: 39157707] - arm64: realm: Query IPA size from the RMM (Steven Price) [Orabug: 39157707] - arm64: Detect if in a realm and set RIPAS RAM (Suzuki K Poulose) [Orabug: 39157707] - arm64: rsi: Add RSI definitions (Suzuki K Poulose) [Orabug: 39157707] - PCI/TPH: Add TPH documentation (Wei Huang) [Orabug: 39157707] - PCI/TPH: Add Steering Tag support (Wei Huang) [Orabug: 39157707] - PCI: Add TLP Processing Hints (TPH) support (Wei Huang) [Orabug: 39157707] - sched: Update rq->avg_idle when a task is moved to an idle CPU (Shubhang Kaushik) [Orabug: 39214522] - arm64: mte: Set TCMA1 whenever MTE is present in the kernel (Carl Worth) [Orabug: 39214522] - x86/CPU: Fix FPDSS on Zen1 (Borislav Petkov) [Orabug: 39241227,39273721] {CVE-2026-31628} - uek-rpm: Enable FWCTL modules for aarch64 (Dave Kleikamp) [Orabug: 39252919] - uek-rpm: CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON should be set (Dave Kleikamp) [Orabug: 39259550]

Severity
important
Lowest
Low
Medium
High
Critical

Related CVEs: CVE-2024-14027 CVE-2024-58096 CVE-2024-58097 CVE-2025-10263 CVE-2025-21709 CVE-2025-21717 CVE-2025-21882 CVE-2025-22116 CVE-2025-38426 CVE-2025-38431 CVE-2025-38584 CVE-2025-39764 CVE-2025-39816 CVE-2025-39832 CVE-2025-39858 CVE-2025-39979 CVE-2025-40135 CVE-2025-40147 CVE-2025-40219 CVE-2025-54518 CVE-2025-68209 CVE-2025-68239 CVE-2025-68333 CVE-2025-68334 CVE-2025-68351 CVE-2025-68358 CVE-2025-68725 CVE-2025-68736 CVE-2025-68737 CVE-2025-71152 CVE-2025-71161 CVE-2025-71197 CVE-2025-71222 CVE-2025-71224 CVE-2025-71225 CVE-2025-71229 CVE-2025-71231 CVE-2025-71232 CVE-2025-71234 CVE-2025-71235 CVE-2025-71236 CVE-2025-71238 CVE-2025-71268 CVE-2025-71269 CVE-2025-71273 CVE-2025-71274 CVE-2025-71286 CVE-2025-71294 CVE-2025-71295 CVE-2025-71297 CVE-2025-71305 CVE-2026-22981 CVE-2026-22985 CVE-2026-22986 CVE-2026-22993 CVE-2026-23004 CVE-2026-23057 CVE-2026-23058 CVE-2026-23059 CVE-2026-23060 CVE-2026-23061 CVE-2026-23062 CVE-2026-23069 CVE-2026-23071 CVE-2026-23072 CVE-2026-23073 CVE-2026-23074 CVE-2026-23076 CVE-2026-23078 CVE-2026-23082 CVE-2026-23083 CVE-2026-23084 CVE-2026-23085 CVE-2026-23086 CVE-2026-23087 CVE-2026-23088 CVE-2026-23089 CVE-2026-23091 CVE-2026-23095 CVE-2026-23097 CVE-2026-23099 CVE-2026-23100 CVE-2026-23101 CVE-2026-23103 CVE-2026-23104 CVE-2026-23105 CVE-2026-23107 CVE-2026-23108 CVE-2026-23110 CVE-2026-23111 CVE-2026-23112 CVE-2026-23113 CVE-2026-23119 CVE-2026-23120 CVE-2026-23123 CVE-2026-23124 CVE-2026-23125 CVE-2026-23126 CVE-2026-23128 CVE-2026-23129 CVE-2026-23131 CVE-2026-23133 CVE-2026-23138 CVE-2026-23146 CVE-2026-23148 CVE-2026-23151 CVE-2026-23154 CVE-2026-23155 CVE-2026-23156 CVE-2026-23157 CVE-2026-23159 CVE-2026-23161 CVE-2026-23163 CVE-2026-23164 CVE-2026-23166 CVE-2026-23168 CVE-2026-23173 CVE-2026-23177 CVE-2026-23178 CVE-2026-23179 CVE-2026-23188 CVE-2026-23189 CVE-2026-23190 CVE-2026-23191 CVE-2026-23193 CVE-2026-23198 CVE-2026-23199 CVE-2026-23200 CVE-2026-23201 CVE-2026-23202 CVE-2026-23204 CVE-2026-23205 CVE-2026-23207 CVE-2026-23209 CVE-2026-23210 CVE-2026-23212 CVE-2026-23213 CVE-2026-23214 CVE-2026-23215 CVE-2026-23216 CVE-2026-23219 CVE-2026-23223 CVE-2026-23229 CVE-2026-23230 CVE-2026-23231 CVE-2026-23237 CVE-2026-23240 CVE-2026-23243 CVE-2026-23244 CVE-2026-23245 CVE-2026-23246 CVE-2026-23249 CVE-2026-23250 CVE-2026-23251 CVE-2026-23252 CVE-2026-23253 CVE-2026-23254 CVE-2026-23255 CVE-2026-23260 CVE-2026-23261 CVE-2026-23262 CVE-2026-23264 CVE-2026-23266 CVE-2026-23270 CVE-2026-23271 CVE-2026-23273 CVE-2026-23274 CVE-2026-23276 CVE-2026-23277 CVE-2026-23278 CVE-2026-23279 CVE-2026-23281 CVE-2026-23285 CVE-2026-23286 CVE-2026-23289 CVE-2026-23290 CVE-2026-23292 CVE-2026-23293 CVE-2026-23296 CVE-2026-23297 CVE-2026-23300 CVE-2026-23302 CVE-2026-23303 CVE-2026-23304 CVE-2026-23306 CVE-2026-23307 CVE-2026-23309 CVE-2026-23310 CVE-2026-23312 CVE-2026-23313 CVE-2026-23315 CVE-2026-23316 CVE-2026-23317 CVE-2026-23318 CVE-2026-23319 CVE-2026-23321 CVE-2026-23335 CVE-2026-23336 CVE-2026-23340 CVE-2026-23343 CVE-2026-23351 CVE-2026-23352 CVE-2026-23354 CVE-2026-23356 CVE-2026-23357 CVE-2026-23359 CVE-2026-23360 CVE-2026-23362 CVE-2026-23365 CVE-2026-23367 CVE-2026-23368 CVE-2026-23369 CVE-2026-23370 CVE-2026-23373 CVE-2026-23374 CVE-2026-23375 CVE-2026-23379 CVE-2026-23380 CVE-2026-23381 CVE-2026-23382 CVE-2026-23383 CVE-2026-23386 CVE-2026-23388 CVE-2026-23389 CVE-2026-23390 CVE-2026-23391 CVE-2026-23392 CVE-2026-23395 CVE-2026-23396 CVE-2026-23397 CVE-2026-23398 CVE-2026-23399 CVE-2026-23401 CVE-2026-23412 CVE-2026-23413 CVE-2026-23414 CVE-2026-23417 CVE-2026-23420 CVE-2026-23434 CVE-2026-23438 CVE-2026-23439 CVE-2026-23440 CVE-2026-23441 CVE-2026-23442 CVE-2026-23443 CVE-2026-23444 CVE-2026-23445 CVE-2026-23447 CVE-2026-23448 CVE-2026-23449 CVE-2026-23452 CVE-2026-23454 CVE-2026-23455 CVE-2026-23456 CVE-2026-23457 CVE-2026-23458 CVE-2026-23461 CVE-2026-23462 CVE-2026-23465 CVE-2026-23468 CVE-2026-23473 CVE-2026-23474 CVE-2026-23475 CVE-2026-31389 CVE-2026-31392 CVE-2026-31393 CVE-2026-31394 CVE-2026-31396 CVE-2026-31399 CVE-2026-31400 CVE-2026-31402 CVE-2026-31403 CVE-2026-31405 CVE-2026-31406 CVE-2026-31407 CVE-2026-31408 CVE-2026-31411 CVE-2026-31413 CVE-2026-31414 CVE-2026-31415 CVE-2026-31416 CVE-2026-31418 CVE-2026-31419 CVE-2026-31421 CVE-2026-31422 CVE-2026-31423 CVE-2026-31424 CVE-2026-31426 CVE-2026-31427 CVE-2026-31428 CVE-2026-31429 CVE-2026-31430 CVE-2026-31431 CVE-2026-31434 CVE-2026-31436 CVE-2026-31438 CVE-2026-31440 CVE-2026-31441 CVE-2026-31446 CVE-2026-31447 CVE-2026-31448 CVE-2026-31449 CVE-2026-31450 CVE-2026-31451 CVE-2026-31452 CVE-2026-31453 CVE-2026-31454 CVE-2026-31455 CVE-2026-31456 CVE-2026-31458 CVE-2026-31462 CVE-2026-31466 CVE-2026-31467 CVE-2026-31469 CVE-2026-31470 CVE-2026-31473 CVE-2026-31474 CVE-2026-31479 CVE-2026-31480 CVE-2026-31487 CVE-2026-31488 CVE-2026-31489 CVE-2026-31492 CVE-2026-31494 CVE-2026-31495 CVE-2026-31496 CVE-2026-31497 CVE-2026-31498 CVE-2026-31500 CVE-2026-31503 CVE-2026-31504 CVE-2026-31505 CVE-2026-31506 CVE-2026-31508 CVE-2026-31510 CVE-2026-31511 CVE-2026-31512 CVE-2026-31513 CVE-2026-31514 CVE-2026-31515 CVE-2026-31516 CVE-2026-31518 CVE-2026-31519 CVE-2026-31520 CVE-2026-31521 CVE-2026-31522 CVE-2026-31523 CVE-2026-31524 CVE-2026-31525 CVE-2026-31527 CVE-2026-31528 CVE-2026-31530 CVE-2026-31531 CVE-2026-31532 CVE-2026-31533 CVE-2026-31540 CVE-2026-31542 CVE-2026-31546 CVE-2026-31548 CVE-2026-31550 CVE-2026-31551 CVE-2026-31552 CVE-2026-31554 CVE-2026-31555 CVE-2026-31556 CVE-2026-31557 CVE-2026-31561 CVE-2026-31563 CVE-2026-31565 CVE-2026-31566 CVE-2026-31570 CVE-2026-31575 CVE-2026-31578 CVE-2026-31580 CVE-2026-31581 CVE-2026-31583 CVE-2026-31586 CVE-2026-31588 CVE-2026-31590 CVE-2026-31593 CVE-2026-31596 CVE-2026-31597 CVE-2026-31598 CVE-2026-31602 CVE-2026-31604 CVE-2026-31607 CVE-2026-31614 CVE-2026-31624 CVE-2026-31625 CVE-2026-31628 CVE-2026-31634 CVE-2026-31638 CVE-2026-31639 CVE-2026-31642 CVE-2026-31647 CVE-2026-31648 CVE-2026-31649 CVE-2026-31651 CVE-2026-31656 CVE-2026-31657 CVE-2026-31658 CVE-2026-31659 CVE-2026-31661 CVE-2026-31662 CVE-2026-31664 CVE-2026-31665 CVE-2026-31666 CVE-2026-31667 CVE-2026-31668 CVE-2026-31669 CVE-2026-31670 CVE-2026-31671 CVE-2026-31672 CVE-2026-31673 CVE-2026-31674 CVE-2026-31675 CVE-2026-31676 CVE-2026-31677 CVE-2026-31678 CVE-2026-31679 CVE-2026-31680 CVE-2026-31681 CVE-2026-31682 CVE-2026-31683 CVE-2026-31684 CVE-2026-31685 CVE-2026-31688 CVE-2026-31689 CVE-2026-31693 CVE-2026-31694 CVE-2026-31696 CVE-2026-31697 CVE-2026-31698 CVE-2026-31699 CVE-2026-31700 CVE-2026-31701 CVE-2026-31708 CVE-2026-31709 CVE-2026-31729 CVE-2026-31731 CVE-2026-31733 CVE-2026-31738 CVE-2026-31752 CVE-2026-31758 CVE-2026-31759 CVE-2026-31761 CVE-2026-31762 CVE-2026-31763 CVE-2026-31765 CVE-2026-31767 CVE-2026-31772 CVE-2026-31773 CVE-2026-31774 CVE-2026-31776 CVE-2026-31778 CVE-2026-31779 CVE-2026-31781 CVE-2026-31786 CVE-2026-31787 CVE-2026-31788 CVE-2026-43012 CVE-2026-43013 CVE-2026-43014 CVE-2026-43015 CVE-2026-43016 CVE-2026-43017 CVE-2026-43018 CVE-2026-43019 CVE-2026-43020 CVE-2026-43023 CVE-2026-43024 CVE-2026-43025 CVE-2026-43026 CVE-2026-43027 CVE-2026-43028 CVE-2026-43030 CVE-2026-43033 CVE-2026-43035 CVE-2026-43036 CVE-2026-43037 CVE-2026-43038 CVE-2026-43040 CVE-2026-43041 CVE-2026-43043 CVE-2026-43046 CVE-2026-43047 CVE-2026-43049 CVE-2026-43050 CVE-2026-43051 CVE-2026-43052 CVE-2026-43054 CVE-2026-43056 CVE-2026-43057 CVE-2026-43059 CVE-2026-43060 CVE-2026-43061 CVE-2026-43062 CVE-2026-43063 CVE-2026-43064 CVE-2026-43065 CVE-2026-43066 CVE-2026-43068 CVE-2026-43069 CVE-2026-43071 CVE-2026-43072 CVE-2026-43073 CVE-2026-43074 CVE-2026-43075 CVE-2026-43076 CVE-2026-43077 CVE-2026-43078 CVE-2026-43079 CVE-2026-43080 CVE-2026-43084 CVE-2026-43085 CVE-2026-43086 CVE-2026-43089 CVE-2026-43090 CVE-2026-43091 CVE-2026-43092 CVE-2026-43093 CVE-2026-43094 CVE-2026-43099 CVE-2026-43104 CVE-2026-43105 CVE-2026-43107 CVE-2026-43110 CVE-2026-43111 CVE-2026-43112 CVE-2026-43113 CVE-2026-43114 CVE-2026-43117 CVE-2026-43119 CVE-2026-43120 CVE-2026-43123 CVE-2026-43124 CVE-2026-43125 CVE-2026-43126 CVE-2026-43128 CVE-2026-43129 CVE-2026-43130 CVE-2026-43132 CVE-2026-43133 CVE-2026-43134 CVE-2026-43135 CVE-2026-43136 CVE-2026-43137 CVE-2026-43139 CVE-2026-43140 CVE-2026-43143 CVE-2026-43147 CVE-2026-43150 CVE-2026-43152 CVE-2026-43153 CVE-2026-43156 CVE-2026-43158 CVE-2026-43161 CVE-2026-43163 CVE-2026-43167 CVE-2026-43168 CVE-2026-43169 CVE-2026-43170 CVE-2026-43171 CVE-2026-43177 CVE-2026-43178 CVE-2026-43180 CVE-2026-43186 CVE-2026-43187 CVE-2026-43189 CVE-2026-43190 CVE-2026-43194 CVE-2026-43199 CVE-2026-43201 CVE-2026-43206 CVE-2026-43210 CVE-2026-43211 CVE-2026-43214 CVE-2026-43215 CVE-2026-43218 CVE-2026-43220 CVE-2026-43223 CVE-2026-43231 CVE-2026-43233 CVE-2026-43238 CVE-2026-43239 CVE-2026-43243 CVE-2026-43246 CVE-2026-43248 CVE-2026-43251 CVE-2026-43252 CVE-2026-43253 CVE-2026-43255 CVE-2026-43257 CVE-2026-43260 CVE-2026-43261 CVE-2026-43262 CVE-2026-43264 CVE-2026-43265 CVE-2026-43266 CVE-2026-43271 CVE-2026-43273 CVE-2026-43275 CVE-2026-43277 CVE-2026-43278 CVE-2026-43279 CVE-2026-43281 CVE-2026-43284 CVE-2026-43287 CVE-2026-43288 CVE-2026-43289 CVE-2026-43292 CVE-2026-43304 CVE-2026-43306 CVE-2026-43313 CVE-2026-43314 CVE-2026-43315 CVE-2026-43316 CVE-2026-43318 CVE-2026-43319 CVE-2026-43320 CVE-2026-43328 CVE-2026-43329 CVE-2026-43332 CVE-2026-43333 CVE-2026-43334 CVE-2026-43336 CVE-2026-43338 CVE-2026-43339 CVE-2026-43341 CVE-2026-43350 CVE-2026-43357 CVE-2026-43359 CVE-2026-43360 CVE-2026-43361 CVE-2026-43362 CVE-2026-43363 CVE-2026-43365 CVE-2026-43366 CVE-2026-43368 CVE-2026-43370 CVE-2026-43371 CVE-2026-43374 CVE-2026-43381 CVE-2026-43382 CVE-2026-43383 CVE-2026-43392 CVE-2026-43393 CVE-2026-43394 CVE-2026-43395 CVE-2026-43397 CVE-2026-43403 CVE-2026-43405 CVE-2026-43406 CVE-2026-43407 CVE-2026-43408 CVE-2026-43409 CVE-2026-43411 CVE-2026-43413 CVE-2026-43415 CVE-2026-43419 CVE-2026-43420 CVE-2026-43425 CVE-2026-43427 CVE-2026-43428 CVE-2026-43429 CVE-2026-43430 CVE-2026-43432 CVE-2026-43436 CVE-2026-43437 CVE-2026-43438 CVE-2026-43439 CVE-2026-43441 CVE-2026-43444 CVE-2026-43445 CVE-2026-43448 CVE-2026-43449 CVE-2026-43450 CVE-2026-43451 CVE-2026-43452 CVE-2026-43453 CVE-2026-43456 CVE-2026-43459 CVE-2026-43466 CVE-2026-43468 CVE-2026-43469 CVE-2026-43470 CVE-2026-43471 CVE-2026-43472 CVE-2026-43473 CVE-2026-43475 CVE-2026-43482 CVE-2026-43483 CVE-2026-43484 CVE-2026-43486 CVE-2026-43487 CVE-2026-43488 CVE-2026-43491 CVE-2026-43493 CVE-2026-43499 CVE-2026-43500 CVE-2026-43501 CVE-2026-43503 CVE-2026-45847 CVE-2026-45851 CVE-2026-45852 CVE-2026-45853 CVE-2026-45855 CVE-2026-45856 CVE-2026-45857 CVE-2026-45858 CVE-2026-45859 CVE-2026-45860 CVE-2026-45861 CVE-2026-45862 CVE-2026-45868 CVE-2026-45870 CVE-2026-45871 CVE-2026-45872 CVE-2026-45873 CVE-2026-45877 CVE-2026-45878 CVE-2026-45886 CVE-2026-45888 CVE-2026-45890 CVE-2026-45892 CVE-2026-45894 CVE-2026-45895 CVE-2026-45898 CVE-2026-45899 CVE-2026-45905 CVE-2026-45910 CVE-2026-45912 CVE-2026-45913 CVE-2026-45914 CVE-2026-45915 CVE-2026-45916 CVE-2026-45917 CVE-2026-45919 CVE-2026-45920 CVE-2026-45922 CVE-2026-45923 CVE-2026-45925 CVE-2026-45933 CVE-2026-45941 CVE-2026-45942 CVE-2026-45943 CVE-2026-45947 CVE-2026-45948 CVE-2026-45949 CVE-2026-45957 CVE-2026-45962 CVE-2026-45964 CVE-2026-45968 CVE-2026-45970 CVE-2026-45972 CVE-2026-45973 CVE-2026-45974 CVE-2026-45976 CVE-2026-45982 CVE-2026-45983 CVE-2026-45984 CVE-2026-45985 CVE-2026-45987 CVE-2026-45988 CVE-2026-45992 CVE-2026-45997 CVE-2026-45998 CVE-2026-46000 CVE-2026-46002 CVE-2026-46003 CVE-2026-46004 CVE-2026-46005 CVE-2026-46006 CVE-2026-46015 CVE-2026-46018 CVE-2026-46021 CVE-2026-46023 CVE-2026-46024 CVE-2026-46026 CVE-2026-46028 CVE-2026-46033 CVE-2026-46037 CVE-2026-46038 CVE-2026-46040 CVE-2026-46043 CVE-2026-46046 CVE-2026-46047 CVE-2026-46048 CVE-2026-46049 CVE-2026-46050 CVE-2026-46051 CVE-2026-46052 CVE-2026-46056 CVE-2026-46061 CVE-2026-46069 CVE-2026-46070 CVE-2026-46076 CVE-2026-46078 CVE-2026-46079 CVE-2026-46080 CVE-2026-46082 CVE-2026-46083 CVE-2026-46084 CVE-2026-46085 CVE-2026-46086 CVE-2026-46088 CVE-2026-46089 CVE-2026-46091 CVE-2026-46092 CVE-2026-46094 CVE-2026-46099 CVE-2026-46101 CVE-2026-46102 CVE-2026-46109 CVE-2026-46165 CVE-2026-46242 CVE-2026-46243 CVE-2026-46300 CVE-2026-46331 CVE-2026-46333 CVE-2026-52943

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here